Upgrade pyasn1 version to 0.6.3#701

Open

vkmc wants to merge 3 commits intomasterfrom

Collaborator

vkmc commented Apr 14, 2026

The base ansible-operator:v1.38.1 image contains pyasn1 0.6.1, which is vulnerable to CVE-2026-30922

This change adds a pip3 upgrade step to install pyasn1>=0.6.3 which includes the MAX_NESTING_DEPTH protection against this attack.

vkmc force-pushed the fix-pyasn branch from 9e6f2ce to 86c4203 Compare

April 14, 2026 15:22

vkmc changed the title ~~Upgrade pyasn1 to fix CVE-2026-30922 DoS vulnerability~~ Upgrade pyasn1 version to 0.6.3

vkmc requested a review from elfiesmelfie

April 14, 2026 15:26


          Upgrade pyasn1 to 0.6.3 in base image

7d0f6d7

The base ansible-operator:v1.38.1 image contains pyasn1 0.6.1, which is
vulnerable to CVE-2026-30922.

This change adds a pip3 upgrade step to install pyasn1>=0.6.3 which
includes the MAX_NESTING_DEPTH protection against this attack.

Closes-Bug: OSPRH-27893

Co-Authored-By: Claude Sonnet 4.5 <[email protected]>

vkmc force-pushed the fix-pyasn branch from 86c4203 to 7d0f6d7 Compare

April 14, 2026 15:27

softwarefactory-project-zuul Bot commented Apr 14, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/5a35f236b533442eb4c67fe6afe76067

✔️ stf-crc-ocp_418-local_build SUCCESS in 47m 08s
✔️ stf-crc-ocp_420-local_build SUCCESS in 43m 18s
❌ stf-crc-ocp_418-local_build-index_deploy FAILURE in 27m 56s
✔️ stf-crc-ocp_420-local_build-index_deploy SUCCESS in 46m 56s
❌ stf-crc-ocp_418-nightly_bundles-index_deploy FAILURE in 29m 01s
✔️ stf-crc-ocp_420-nightly_bundles-index_deploy SUCCESS in 39m 19s
✔️ stf-crc-ocp_418-catalog_deploy SUCCESS in 36m 42s
✔️ stf-crc-ocp_420-catalog_deploy SUCCESS in 32m 40s

Collaborator Author

vkmc commented Apr 15, 2026

recheck

softwarefactory-project-zuul Bot commented Apr 15, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/2438be11ff4d4370be5bbfbfc8467c0e

❌ stf-crc-ocp_418-local_build NODE_FAILURE Node request 100-0008210843 failed in 0s
✔️ stf-crc-ocp_420-local_build SUCCESS in 42m 40s
❌ stf-crc-ocp_418-local_build-index_deploy FAILURE in 27m 28s
✔️ stf-crc-ocp_420-local_build-index_deploy SUCCESS in 45m 21s
❌ stf-crc-ocp_418-nightly_bundles-index_deploy FAILURE in 30m 00s
✔️ stf-crc-ocp_420-nightly_bundles-index_deploy SUCCESS in 37m 10s
❌ stf-crc-ocp_418-catalog_deploy FAILURE in 29m 21s
✔️ stf-crc-ocp_420-catalog_deploy SUCCESS in 34m 56s

Collaborator Author

vkmc commented Apr 15, 2026

recheck

softwarefactory-project-zuul Bot commented Apr 15, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/451534aa2535416daa8cec447f2d7dd6

❌ stf-crc-ocp_418-local_build NODE_FAILURE Node request 100-0008211060 failed in 0s
✔️ stf-crc-ocp_420-local_build SUCCESS in 43m 58s
❌ stf-crc-ocp_418-local_build-index_deploy FAILURE in 30m 52s
✔️ stf-crc-ocp_420-local_build-index_deploy SUCCESS in 47m 20s
❌ stf-crc-ocp_418-nightly_bundles-index_deploy FAILURE in 25m 45s
✔️ stf-crc-ocp_420-nightly_bundles-index_deploy SUCCESS in 36m 28s
❌ stf-crc-ocp_418-catalog_deploy FAILURE in 27m 02s
✔️ stf-crc-ocp_420-catalog_deploy SUCCESS in 32m 55s

Collaborator Author

vkmc commented Apr 17, 2026

recheck

vkmc requested a review from compi-migui

April 17, 2026 14:39

softwarefactory-project-zuul Bot commented Apr 17, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/26050aedc7a54a02989c92bbcb8cca63

❌ stf-crc-ocp_418-local_build FAILURE in 26m 13s
✔️ stf-crc-ocp_420-local_build SUCCESS in 42m 44s
❌ stf-crc-ocp_418-local_build-index_deploy FAILURE in 29m 57s
✔️ stf-crc-ocp_420-local_build-index_deploy SUCCESS in 45m 04s
❌ stf-crc-ocp_418-nightly_bundles-index_deploy FAILURE in 30m 04s
✔️ stf-crc-ocp_420-nightly_bundles-index_deploy SUCCESS in 35m 19s
✔️ stf-crc-ocp_418-catalog_deploy SUCCESS in 37m 48s
✔️ stf-crc-ocp_420-catalog_deploy SUCCESS in 37m 55s


          Merge branch 'master' into fix-pyasn

d350735

softwarefactory-project-zuul Bot commented Apr 28, 2026

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/5e77bae4466f4f67ac373c086e58b051

✔️ stf-crc-ocp_418-local_build SUCCESS in 46m 28s
✔️ stf-crc-ocp_420-local_build SUCCESS in 43m 45s
❌ stf-crc-ocp_418-local_build-index_deploy FAILURE in 28m 16s
✔️ stf-crc-ocp_420-local_build-index_deploy SUCCESS in 46m 01s
❌ stf-crc-ocp_418-nightly_bundles-index_deploy FAILURE in 25m 16s
✔️ stf-crc-ocp_420-nightly_bundles-index_deploy SUCCESS in 35m 39s
✔️ stf-crc-ocp_418-catalog_deploy SUCCESS in 35m 20s
✔️ stf-crc-ocp_420-catalog_deploy SUCCESS in 32m 44s


          Merge branch 'master' into fix-pyasn

6939f3a

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet