From e636c17308a16496741c4ac9c8d072db495cc8c9 Mon Sep 17 00:00:00 2001 From: John Mazzitelli Date: Thu, 2 Jan 2025 13:38:27 -0500 Subject: [PATCH] comments to help authors find the related files for the CVE table --- content/en/news/security-bulletins/_index.md | 4 ++++ data/security/cve.yaml | 3 +++ layouts/shortcodes/security-cve-table.html | 4 ++++ 3 files changed, 11 insertions(+) diff --git a/content/en/news/security-bulletins/_index.md b/content/en/news/security-bulletins/_index.md index d11fdc2e6..448e788ad 100644 --- a/content/en/news/security-bulletins/_index.md +++ b/content/en/news/security-bulletins/_index.md @@ -14,6 +14,10 @@ If you run a security scan on Kiali software that automatically generates a list Kiali releases every three weeks and so generally resolves CVEs in new releases only. Golang vulnerabilities are typically resolved in a timely way, as the Go version for release builds increments fairly often. Occasionally, critical CVEs may be resolved in patch releases for supported versions. Additionally, not every CVE reported against a Kiali dependency is actually a vulnerability. For reported CVEs that are proven not to affect Kiali, see the table below: + {{}}
diff --git a/data/security/cve.yaml b/data/security/cve.yaml index a92d37dbc..108d94f0b 100644 --- a/data/security/cve.yaml +++ b/data/security/cve.yaml @@ -1,4 +1,7 @@ # The Reported Kiali CVEs for which Kiali is confirmed to not be vulnerable +# The table layout HTML is located at layouts/shortcodes/security-cve-table.html +# The table is used in content/en/news/security-bulletins/_index.md +# The HTML tag to insert the data table is versionRange: - cve: "CVE-2024-33599" severity: high diff --git a/layouts/shortcodes/security-cve-table.html b/layouts/shortcodes/security-cve-table.html index 10d319fe7..77b237a1c 100644 --- a/layouts/shortcodes/security-cve-table.html +++ b/layouts/shortcodes/security-cve-table.html @@ -1,5 +1,9 @@ {{ $data := index .Site.Data.security.cve }} +
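Review bot: The third added comment in data/security/cve.yaml calls the insertion point an "HTML tag", but the layout it points to lives under layouts/shortcodes/, so it is a Hugo shortcode. In this view the line also stops at "is" with no name after it, which may be an extraction artefact. If the name really is absent from the file, the pointer does not tell an author what to put in the page; naming it outright would be clearer, e.g. `# The shortcode that renders this table is security-cve-table (used in content/en/news/security-bulletins/_index.md)`. Since this file feeds the published "not vulnerable" statements, one further comment line stating what confirmation an entry needs before it is added may be worth having; no such policy is visible in this hunk.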