Skip to content

Commit

Permalink
Fix CVEs related to argocd. Downgrade to 2.13.5 instead of 2.14.2 (#292)
Browse files Browse the repository at this point in the history
  • Loading branch information
@nherment
nherment authored Feb 19, 2025
1 parent 2e3c0f9 commit 32a66c4
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,10 @@ RUN chmod 777 kube-lineage
RUN ./kube-lineage --version

# Set the architecture-specific argocd URLs
ARG ARGOCD_ARM_URL=https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-arm64
ARG ARGOCD_AMD_URL=https://github.com/argoproj/argo-cd/releases/latest/download/argocd-linux-amd64
# Freezing to argocd 2.13.5 as it has fixes CVE-2025-21613 and CVE-2025-21614.
# The argocd release 2.14.2 (latest as 2025-02-19) unfortunately has these CVEs.
ARG ARGOCD_ARM_URL=https://github.com/argoproj/argo-cd/releases/download/v2.13.5/argocd-linux-arm64
ARG ARGOCD_AMD_URL=https://github.com/argoproj/argo-cd/releases/download/v2.13.5/argocd-linux-amd64
# Conditional download based on the platform
RUN if [ "$TARGETPLATFORM" = "linux/arm64" ]; then \
curl -L -o argocd $ARGOCD_ARM_URL; \
Expand Down

0 comments on commit 32a66c4

Please sign in to comment.