Bump otelgrpc to fix CVE 2023 47108 #5806
Merged: ptodev merged 9 commits into grafana:main from hainenber:bump-otelgrpc-to-fix-CVE-2023-47108 on Nov 27, 2023
ptodev approved these changes Nov 23, 2023
LGTM, but there are linter errors.
Signed-off-by: hainenber <[email protected]>
Signed-off-by: hainenber <[email protected]>
Signed-off-by: hainenber <[email protected]>
Signed-off-by: hainenber <[email protected]>
hainenber force-pushed the bump-otelgrpc-to-fix-CVE-2023-47108 branch from 12fd5af to cda51e2 (November 25, 2023 08:23)
Signed-off-by: hainenber <[email protected]>
Fixed in latest commit. PTAL. Thanks!
ptodev reviewed Nov 27, 2023
ptodev reviewed Nov 27, 2023
Using noop.NewTracerProvider from "go.opentelemetry.io/otel/trace/noop" instead.
Comply with the ordering in: https://github.com/grafana/agent/blob/main/docs/developer/contributing.md#updating-the-changelog
rfratto pushed a commit to rfratto/agent that referenced this pull request Nov 30, 2023

* Fix CVE-2023-47108 by updating `otelgrpc` from v0.45.0 to v0.46.0.
* Stop using the deprecated trace.NewNoopTracerProvider.
  Using noop.NewTracerProvider from "go.opentelemetry.io/otel/trace/noop" instead.
* Reorder changelog
  Comply with the ordering in: https://github.com/grafana/agent/blob/main/docs/developer/contributing.md#updating-the-changelog

---------

Signed-off-by: hainenber <[email protected]>
Co-authored-by: Paulin Todev <[email protected]>
(cherry picked from commit a2348a0)
rfratto added a commit that referenced this pull request Nov 30, 2023

* Allow x-faro-session-id header for faro receiver (#5835)
  (cherry picked from commit cc7cb37)
* misc: follow up on #5835 (#5837)
  * Add missing CHANGELOG entry
  * Mirror fix to static mode
  (cherry picked from commit 7da5726)
* Agent Management: Introduce support for template variables (#5788)
  * Agent Management: Introduce support for template variables
    - This change allows managing template variables for remote configuration on a per-agent basis.
    - Both base configurations and snippets can be interpreted as templates and evaluated at load time with the provided template variables.
    - Templates must follow Go's `text/template` syntax.
    - This greatly increases the flexibility and reusability of snippets.
    - Template evaluation has been tested in different scenarios and seems really robust. If the variables defined in the template cannot be resolved (even nested ones), an empty string is rendered instead.
    - Note: templates are only evaluated when the `template_variables` field within the `agent_metadata` remote config field is non-empty.
    - Note: this feature only applies to static mode.
  * Improve naming
  * Check error for template execution
  * Add tests
    - Tests different scenarios, including:
      - Referencing non existing nested objects
      - Conditionals
      - Ranges
      - Character escaping
  * Update CHANGELOG
  * Always evaluate templates
    - This is required because certain agents might start before their labels are synced. If some of the snippets assigned to them contain template variables, loading the config will fail.
  * Add test for template inside a template
    - Templates inside templates must be escaped using backticks to avoid them being evaluated by the snippet template execution
  * Move feature to the next release in CHANGELOG
  * Document templating functionality
  * Fix doc
  (cherry picked from commit d388f94)
* pyroscope.scrape: change error log level to not swallow errors (#5840)
  (cherry picked from commit 2242e4a)
* Update windows defaults to use upstream defaults except for enabled collectors. (#5832)
  Fix #5831 and use the defaults from windows.
  (cherry picked from commit 15d3d9f)
* Bump otelgrpc to fix CVE 2023 47108 (#5806)
  * Fix CVE-2023-47108 by updating `otelgrpc` from v0.45.0 to v0.46.0.
  * Stop using the deprecated trace.NewNoopTracerProvider.
    Using noop.NewTracerProvider from "go.opentelemetry.io/otel/trace/noop" instead.
  * Reorder changelog
    Comply with the ordering in: https://github.com/grafana/agent/blob/main/docs/developer/contributing.md#updating-the-changelog
  ---------
  Signed-off-by: hainenber <[email protected]>
  Co-authored-by: Paulin Todev <[email protected]>
  (cherry picked from commit a2348a0)
* fix(otelcol/fanoutconsumer): nil check during fanout consumer creation (#5854)
  Signed-off-by: hainenber <[email protected]>
  (cherry picked from commit 84344fb)
* prometheus.operator.* - Fix issue with missing targets when one monitor's name is a prefix of another (#5862)
  Co-authored-by: Paul Bormans <[email protected]>
  (cherry picked from commit f232fb4)
* max_cache_size was being set to 0 (#5869)
  * max_cache_size was being set to 0, due to issue where it doesn't exist in static but the default wasn't carrying over to river syntax. In truth we should never write it.
  * Clean up from PR
  (cherry picked from commit 356c50c)
* Add Deploy Mode to usage stats. (#5880)
  Co-authored-by: Clayton Cornell <[email protected]>
  (cherry picked from commit 7bf82ea)
* Fix promtail converter: docker_sd_configs (#5881)
  * Fix promtail converter: docker_sd
  * changelog and lint
  * typo
  (cherry picked from commit c5dc968)
* prepare for 0.38.1 release (#5891)
  (cherry picked from commit fc2fd5b)
* fix misplaced CHANGELOG entry for #5869

---------

Co-authored-by: Cedric Ziel <[email protected]>
Co-authored-by: Jorge Creixell <[email protected]>
Co-authored-by: Tolya Korniltsev <[email protected]>
Co-authored-by: mattdurham <[email protected]>
Co-authored-by: Đỗ Trọng Hải <[email protected]>
Co-authored-by: Craig Peterson <[email protected]>
Co-authored-by: Piotr <[email protected]>
github-actions bot added the frozen-due-to-age label (Locked due to a period of inactivity. Please open new issues or PRs if more discussion is needed.) Feb 21, 2024
PR Description
Fixes CVE-2023-47108
Which issue(s) this PR fixes
Fixes #5803
Notes to the Reviewer
PR Checklist
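
Added example, not part of the original PR or the Grafana Agent code base: a small Go check that reads a `go.mod` and reports whether the required `otelgrpc` version is at least v0.46.0, the release this PR bumps to for CVE-2023-47108. The function name `OtelgrpcStatus`, the full module path (the page gives only the short name `otelgrpc`) and the sample `go.mod` are assumptions made for this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Full module path of otelgrpc (assumption: the PR page gives only the short name).
const otelgrpcPath = "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc"

// Constructed sample go.mod, pinned to the pre-fix version named in the PR.
const sampleGoMod = `module example.com/constructed
require (
	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.45.0 // indirect
)
`

// OtelgrpcStatus (hypothetical helper) returns the otelgrpc version required by
// a go.mod and whether it is at least v0.46.0, the release this PR bumps to.
func OtelgrpcStatus(gomod string) (string, bool, error) {
	block := ""
	for _, raw := range strings.Split(gomod, "\n") {
		line, _, _ := strings.Cut(raw, "//") // drop "// indirect" and other comments
		f := strings.Fields(line)
		if len(f) == 2 && f[1] == "(" {
			block = f[0] // entering "require (", "exclude (", "replace ("
		} else if len(f) == 1 && f[0] == ")" {
			block = ""
		} else if len(f) == 3 && f[0] == "require" {
			f = f[1:] // single-line form: require <path> <version>
		} else if block != "require" {
			continue // only require directives pin the version in use
		}
		if len(f) != 2 || f[0] != otelgrpcPath {
			continue
		}
		var major, minor, patch int
		if n, err := fmt.Sscanf(f[1], "v%d.%d.%d", &major, &minor, &patch); n != 3 || err != nil || strings.Contains(f[1], "-") {
			return f[1], false, fmt.Errorf("cannot compare %q, review manually", f[1])
		}
		return f[1], major > 0 || minor >= 46, nil
	}
	return "", false, fmt.Errorf("%s is not required here", otelgrpcPath)
}

func main() {
	fmt.Println(OtelgrpcStatus(sampleGoMod))
}
```

Pre-release and pseudo-versions are returned as an error rather than guessed at, and `replace` directives are not followed, so a module that overrides otelgrpc that way needs a manual look.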