CVE-2021-36159 and CVE-2021-3711

[nunojusto]

Preflight Checklist

• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for an issue that matches the one I want to file, without success.
• I am not looking for support or already pursued the available support channels without success.

Version

2.30.0

Storage Type

Kubernetes

Installation Type

Custom Helm chart

Expected Behavior

There are vulnerabilities CVE-2021-36159 and CVE-2021-3711 already corrected in base alpine3.14.2 version but not released in dex image (v2.30.0).
What we need is a new dex image release. I see the code is already bumped to have the latest alpine.
When are we releasing the next version? Is it soon?

Thank you

Actual Behavior

CVE-2021-36159 and CVE-2021-3711

Steps To Reproduce

No response

Additional Information

No response

Configuration

No response

Logs

No response

[sagikazarmark]

@nunojusto Thanks for opening this issue. 2.30.1 will be released soon.

[sagikazarmark]

https://github.com/dexidp/dex/releases/tag/v2.30.1

[nunojusto]

Hi Márk, you forgot to tag the container image to v2.30.1 ... i'll assume it's the latest but it's not tagged to the minor version

[nunojusto]

Forget what i've said. The CI is still progress. Sorry

[sagikazarmark]

Hm, CI is failing for some reason. Sorry about that.

[sagikazarmark]

Should be fixed