Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
I am forwarding it to my coworkers, and if this was a stupid prank, imma report you
-
Condor324966yWhy such urgency? Common practice for security issues - especially critical ones like this - is reporting privately to the developer and giving them 3 months of time to fix it, and for users to update timely. Needless to say, private disclosure is not a huggin' public GitHub issue. That is *very* bad practice. Only after 3 months have passed, the project has fixed the issue and users that update their software regularly can be reasonably expected to have updated their software already, such an issue should be published by the researcher.
Well, I guess that the dam has broken already. Fortunately I'm not running k8s anywhere here. -
@Condor I don't like this approach either, but now that it's put on GitHub, all users of Kubernetes have to act.
-
Condor324966y@beleg 🤗 for huggin' political correctness and censorship 😆
Can't wait for the moment that this censorship becomes common and we despicable white cis males can go into any cafe and say "hey babe, wanna hug 😏" and when she gets angry, we can get away with it with "oh sorry I meant the 🤗 hug, not the *hug* hug, wink wink, nudge nudge 😏"
Well, all's good for us despicable white cis males with this one I'd say 😝 -
Condor324966y@filthyranter hmm, we wiener-wielders can't do anything right, can we 🤔
... 😢.. bro, I don't even know what's right anymore 🤗😭
So, I guess that I just raped a fellow white cis male over TCP/IP like that 🤔 is that a crime? I mean, given that those feminazis hate all men, I suspect that they might selectively ignore such a thing.. hmm 🤔
Well, in their own words a hug is something positive and inclusive so there's that 🤗 -
@EvilArcher That's a big bummer for them, as they won't be able to mitigate this issue before someone attacks, without any log entries whatsoever as well.
-
Hmm, thanks for the information. We did not encounter such a problem, maybe because we are cooperating with https://volterra.io/solutions/... on this issue. There you can get professional expert advice at any time. Also, we did not receive messages of any changes.
-
beleg31944y@lolapaluuza
You know there's a "created_time" attribute in the api. Why don't you just take a look at its value so you won't raise the dead every time, like any other civilized bot does?
Related Rants
--- URGENT: Major security flaw in Kubernetes: Update Kubernetes at all costs! ---
Detailed info: https://github.com/kubernetes/...
If you are running any unpatched versions of Kubernetes, you must update now. Anyone might be able to send commands directly to your backend through a forged network request, without even triggering a single line in the log, making their attack practically invisible!
If you are running a version of Kubernetes below 1.10... there is no help for you. Upgrade to a newer version, e.g. 1.12.3.
random
news
psa
orchestration
request forging
urgent
kubernetes
critical
vulnerability