diff --git a/scripts/glance-cve-patching.sh b/scripts/glance-cve-patching.sh index 10c1e76..657509b 100644 --- a/scripts/glance-cve-patching.sh +++ b/scripts/glance-cve-patching.sh @@ -7,7 +7,7 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then "requests==2.32.4" elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,GHSA-h4gh-qq45-vh27, - # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-4340,CVE-2024-37891,CVE-2024-5569,CVE-2024-12797 + # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-4340,CVE-2024-37891,CVE-2024-5569,CVE-2024-12797,CVE-2024-47081 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL>=1.1.1,<1.2" \ @@ -16,7 +16,7 @@ elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then "dnspython>=2.6.1,<2.7" \ "eventlet>=0.35.2,<0.36" \ "idna>=3.7,<3.8" \ - "requests>=2.32.0,<2.33" \ + "requests==2.32.4" \ "sqlparse>=0.5.0,<0.6" \ "urllib3==1.26.19" \ "zipp>=3.19.1,<3.20" diff --git a/scripts/heat-cve-patching.sh b/scripts/heat-cve-patching.sh index 646fece..f8bf571 100644 --- a/scripts/heat-cve-patching.sh +++ b/scripts/heat-cve-patching.sh @@ -7,7 +7,7 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then "requests==2.32.4" elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,GHSA-h4gh-qq45-vh27, - # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797 + # CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891,CVE-2024-12797,CVE-2024-47081 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ @@ -16,6 +16,6 @@ elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then "dnspython==2.6.1" \ "eventlet==0.35.2" \ "idna==3.7" \ - "requests==2.32.0" \ + "requests==2.32.4" \ "urllib3==1.26.19" fi diff --git a/scripts/keystone-cve-patching.sh b/scripts/keystone-cve-patching.sh index 3792116..a999ffb 100644 --- a/scripts/keystone-cve-patching.sh +++ b/scripts/keystone-cve-patching.sh @@ -8,7 +8,7 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-34064,CVE-2024-56201,CVE-2024-56326,CVE-2025-27516,CVE-2024-36039,CVE-2024-42353,CVE-2024-34069, # CVE-2024-49766,CVE-2024-49767,GHSA-h4gh-qq45-vh27,CVE-2023-29483,CVE-2024-3651,CVE-2024-35195,CVE-2024-37891, - # CVE-2024-12797,CVE-2025-47278 + # CVE-2024-12797,CVE-2025-47278,CVE-2024-47081 /var/lib/openstack/bin/pip install --upgrade \ "Flask==3.1.1" \ "Jinja2==3.1.6" \ diff --git a/scripts/octavia-cve-patching.sh b/scripts/octavia-cve-patching.sh index a31a479..eaa2f21 100644 --- a/scripts/octavia-cve-patching.sh +++ b/scripts/octavia-cve-patching.sh @@ -8,7 +8,7 @@ if [ ${OS_VERSION:-master} = "stable/2025.1" ]; then elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then # CVE fixes CVE-2024-36039,CVE-2024-6827,CVE-2024-1135,CVE-2024-49767,CVE-2024-34069,CVE-2024-56326,CVE-2024-56326,CVE-2024-56201 # CVE-2024-35195,CVE-2024-37891,CVE-2024-3651,CVE-2023-29483,CVE-2024-49766,CVE-2024-42353,CVE-2025-27516,CVE-2024-34064 - # CVE-2024-12797 + # CVE-2024-12797,CVE-2024-47081 /var/lib/openstack/bin/pip install --upgrade \ "Jinja2==3.1.6" \ "PyMySQL==1.1.1" \ @@ -20,7 +20,7 @@ elif [ ${OS_VERSION:-master} = "stable/2024.1" ]; then "gunicorn==23.0.0" \ "idna==3.7" \ "pyopenssl==24.3.0" \ - "requests==2.32.0" \ + "requests==2.32.4" \ "urllib3==1.26.19" \ "zipp==3.19.1" fi