Commit
Merge pull request #560 from grosser/grosser/doc
spell out vuln more
cben authored Mar 25, 2022
2 parents 9ca1153 + 0b9ec54 commit 831e360
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions README.md
Expand Up @@ -10,10 +10,10 @@ The client supports GET, POST, PUT, DELETE on all the entities available in kube
The client currently supports Kubernetes REST api version v1.
To learn more about groups and versions in kubernetes refer to [k8s docs](https://kubernetes.io/docs/api/)

## VULNERABILITY❗
## VULNERABILITY in <= v4.9.2

If you use `Kubeclient::Config`, all gem versions released before 2022 could return incorrect `ssl_options[:verify_ssl]`,
endangering your connection and cluster credentials.
If you use `Kubeclient::Config`, all gem versions <= v4.9.3 can return incorrect `ssl_options[:verify_ssl]`,
allowing MITM attacks on your connection and thereby stealing your cluster credentials.
See https://github.com/ManageIQ/kubeclient/issues/554 for details and which versions got a fix.

## Installation
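
Review bot: The new heading gives the affected range as `<= v4.9.2`, but the new paragraph directly under it says `<= v4.9.3`, so the two bounds disagree and a reader checking their Gemfile.lock cannot tell whether 4.9.3 is safe. Use one bound in both places, taken from the fix versions listed in issue #554. Since the last line says the issue lists "which versions got a fix" (plural), consider wording the range so it does not imply that every release line above a single version number is fixed. A smaller wording point in the same paragraph: "allowing MITM attacks on your connection and thereby stealing your cluster credentials" reads more clearly as "allowing MITM attacks on your connection that can steal your cluster credentials".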