Add release v2.8.8

rajch · Jun 19, 2024 · b0477a2 · b0477a2
1 parent 8111775
commit b0477a2
Show file tree

Hide file tree

Showing 5 changed files with 36 additions and 31 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+## Release 2.8.8
+
+The alpine base image used by `weave-kube` and `weave-npc` has been upgraded to version 3.20.0 in this release. This removes several CVEs.
+
 ## Release 2.8.7
 
 This release has upgraded dependencies based on CVE recommendations.

diff --git a/reweave/CHANGELOG.md b/reweave/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 All changes made to the weave net codebase during the reweave effort will be documented in this file.
 
+## 2.8.8
+
+* Changed version in `reweave/Makefile` to 2.8.8
+* Modified reweave and main CHANGELOG.md
+
 ## 2.8.8-beta1
 
 ### Changed

diff --git a/reweave/Makefile b/reweave/Makefile
@@ -1,4 +1,4 @@
-IMAGE_VERSION ?= 2.8.8-beta1
+IMAGE_VERSION ?= 2.8.8
 REGISTRY_USER ?= rajchaudhuri
 
 ALPINE_BASEIMAGE ?= alpine:3.20.0

diff --git a/reweave/scans/badge.json b/reweave/scans/badge.json
@@ -1 +1 @@
-{"schemaVersion": 1, "label": "Vulnerabilty count", "message": "4", "color": "orange"}
+{"schemaVersion": 1, "label": "Vulnerabilty count", "message": "3", "color": "orange"}
diff --git a/reweave/scans/report.md b/reweave/scans/report.md
@@ -1,65 +1,61 @@
 # Vulnerability Report
 
 ```
-Report date: 2024-06-18
-Unique vulnerability count: 4
-Images version: 2.8.8-beta1
+Report date: 2024-06-19
+Unique vulnerability count: 3
+Images version: 2.8.8
 ```
 
 ## Scanner Details
 
 ```
 Application:         grype
-Version:             0.77.2
-BuildDate:           2024-05-01T16:20:45Z
-GitCommit:           bd16101ad0ed30c38e95d0992d0ad53f709dc5df
-GitDescription:      v0.77.2
+Version:             0.79.1
+BuildDate:           2024-06-17T19:33:32Z
+GitCommit:           239741f535c59d6e1b9faee61f64ebcf4361d2c5
+GitDescription:      v0.79.1
 Platform:            linux/amd64
-GoVersion:           go1.21.9
+GoVersion:           go1.22.4
 Compiler:            gc
-Syft Version:        v1.3.0
+Syft Version:        v1.7.0
 Supported DB Schema: 5
 ```
 
 ## Vulnerabilities
 
-### weave-kube: (4) 
+### weave-kube: (3) 
 
 ```
 NAME    INSTALLED  FIXED-IN  TYPE       VULNERABILITY   SEVERITY 
-stdlib  go1.22.2             go-module  CVE-2024-24790  Unknown   
-stdlib  go1.22.2             go-module  CVE-2024-24789  Unknown   
-stdlib  go1.22.2             go-module  CVE-2024-24788  Unknown   
-stdlib  go1.22.2             go-module  CVE-2024-24787  Unknown
+stdlib  go1.21.9             go-module  CVE-2024-24790  Critical  
+stdlib  go1.21.9             go-module  CVE-2024-24789  Medium    
+stdlib  go1.21.9             go-module  CVE-2024-24787  Unknown
 ```
 
-### weave-npc: (4) 
+### weave-npc: (3) 
 
 ```
 NAME    INSTALLED  FIXED-IN  TYPE       VULNERABILITY   SEVERITY 
-stdlib  go1.22.2             go-module  CVE-2024-24790  Unknown   
-stdlib  go1.22.2             go-module  CVE-2024-24789  Unknown   
-stdlib  go1.22.2             go-module  CVE-2024-24788  Unknown   
-stdlib  go1.22.2             go-module  CVE-2024-24787  Unknown
+stdlib  go1.21.9             go-module  CVE-2024-24790  Critical  
+stdlib  go1.21.9             go-module  CVE-2024-24789  Medium    
+stdlib  go1.21.9             go-module  CVE-2024-24787  Unknown
 ```
 
-### weave: (4) 
+### weave: (3) 
 
 ```
 NAME    INSTALLED  FIXED-IN  TYPE       VULNERABILITY   SEVERITY 
-stdlib  go1.22.2             go-module  CVE-2024-24790  Unknown   
-stdlib  go1.22.2             go-module  CVE-2024-24789  Unknown   
-stdlib  go1.22.2             go-module  CVE-2024-24788  Unknown   
-stdlib  go1.22.2             go-module  CVE-2024-24787  Unknown
+stdlib  go1.21.9             go-module  CVE-2024-24790  Critical  
+stdlib  go1.21.9             go-module  CVE-2024-24789  Medium    
+stdlib  go1.21.9             go-module  CVE-2024-24787  Unknown
 ```
 
-### weaveexec: (4) 
+### weaveexec: (3) 
 
 ```
 NAME    INSTALLED  FIXED-IN  TYPE       VULNERABILITY   SEVERITY 
-stdlib  go1.22.2             go-module  CVE-2024-24790  Unknown   
-stdlib  go1.22.2             go-module  CVE-2024-24789  Unknown   
-stdlib  go1.22.2             go-module  CVE-2024-24788  Unknown   
-stdlib  go1.22.2             go-module  CVE-2024-24787  Unknown
+stdlib  go1.21.9             go-module  CVE-2024-24790  Critical  
+stdlib  go1.21.9             go-module  CVE-2024-24789  Medium    
+stdlib  go1.21.9             go-module  CVE-2024-24787  Unknown
 ```
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		{"schemaVersion": 1, "label": "Vulnerabilty count", "message": "4", "color": "orange"}
		{"schemaVersion": 1, "label": "Vulnerabilty count", "message": "3", "color": "orange"}