# CE 1.6.0 release

## Release KC OSS 0.46.1

- [x] 1. bump golang 1.20.5 in all tools
- [x] 2. run trivy and osspi on ytt, kapp and imgpkg
- [x] 3. release ytt, kapp, imgpkg
- [x] 4. bump imgpkg into vendir
- [x] 5. run trivy on vendir
- [x] 6. release vendir
- [x] 7. bump imgpkg and vendir into kbld
- [x] 8. run trivy on kbld
- [x] 9. release kbld
- [x] 10. bump ytt, kbld, vendir, kapp into KC
- [x] 11. run trivy and osspi on KC
- [x] 12. release KC

### Release kapp 0.57.1

- [x] bump go 1.20.5 on develop as 0.57.0 is on develop only
- [x] run trivy
- [x] if all good, release

### Release ytt 0.45.3

- [x] release done by yash

### Release imgpkg 0.37.2

- [x] bump go 1.20.5 on develop as 0.37.1 is on develop only
- [x] run trivy
- [x] if all good, release

### Release vendir 0.34.3

- [x] bump go 1.20.5 on develop as 0.37.1 is on develop only
- [x] bump imgpkg 0.37.2
- [x] run trivy
- [x] if all good, release

### Release kbld 0.37.4

- [x] bump go 1.20.5 on develop as 0.37.1 is on develop only
- [x] bump imgpkg 0.37.2 and vendir 0.34.3
- [x] run trivy
- [x] if all good, release

## OSS release of SGC 0.14.6

- [x] 1. bump go 1.20.5
- [x] 2. run trivy and osspi
- [x] 3. oss release

## Note:

- [x] All mirror repos got synced
- [x] Run Go bump script once mirror repos are synced

## Release cayman KC 0.46.1

- [x] 1. release cayman of kapp, ytt, kbld, vendir, imgpkg
- [x] 2. bump kapp, ytt, vendir, kbld in KC
- [x] 3. bump photon in KC
- [x] 4. go bump age (not in sops), helm: need to discuss whether we want to bump or not
- [x] 5. bump age, helm, sops and go in cayman KC
- [x] 6. run obj build on KC
- [ ] 7. if no new CVE then release cayman KC

## Cayman release of SGC 0.14.6

- [x] run update script
- [x] run osspi
- [x] release if all looks good
- [x] build link: https://buildweb.eng.vmware.com/ob/21923951/
- [x] osspi link: https://osspi.eng.vmware.com/audit-reports/615144/oss-packages/all?limit=25&offset=0&audit_id=615144&ordering=package

## cayman imgpkg

- [x] run update script
- [x] run osspi
- [x] release if all looks good

## KC 0.46.x CVE

**age, cue, helm and sops:**

- CVE-2023-29403: https://nvd.nist.gov/vuln/detail/CVE-2023-29403 -> score is NA
- CVE-2023-29404: https://nvd.nist.gov/vuln/detail/CVE-2023-29404 -> score is NA
- CVE-2023-29402: https://nvd.nist.gov/vuln/detail/CVE-2023-29402 -> NA
- CVE-2023-29405: https://nvd.nist.gov/vuln/detail/CVE-2023-29405 -> NA

**sops:**

- CVE-2022-29526: https://nvd.nist.gov/vuln/detail/cve-2022-29526 -> 5.3 -> not vulnerable, already exists on sheet

**usr/lib/libcap.so.2.43**

- CVE-2023-2603: https://nvd.nist.gov/vuln/detail/CVE-2023-2603 -> NA -> already exists in sheet

**usr/lib/libxml2.so.2.9.12**

- CVE-2022-23308: https://nvd.nist.gov/vuln/detail/cve-2022-23308 -> NA

**usr/lib/libxml2.so.2.9.12**

- CVE-2022-40303: https://nvd.nist.gov/vuln/detail/CVE-2022-40303 -> NA
- CVE-2023-29469: https://nvd.nist.gov/vuln/detail/CVE-2023-29469 -> 6.5 -> not exploitable, already exists in sheet

**usr/bin/lua**

- CVE-2022-28805: https://nvd.nist.gov/vuln/detail/CVE-2022-28805 -> 9.1 critical
- CVE-2021-44964: https://nvd.nist.gov/vuln/detail/CVE-2021-44964 -> 6.3

**usr/lib/libsqlite3.so.0.8.6**

- CVE-2022-46908: https://nvd.nist.gov/vuln/detail/CVE-2022-46908 -> 7.3

**usr/lib/libz.so.1.2.11**

- CVE-2018-25032: https://nvd.nist.gov/vuln/detail/cve-2018-25032 -> 7.5

## KC 0.45.x CVE

#### Cue

- https://nvd.nist.gov/vuln/detail/CVE-2023-29403 - NA
- https://nvd.nist.gov/vuln/detail/CVE-2023-29404 - NA
- https://nvd.nist.gov/vuln/detail/CVE-2023-29402 - NA
- https://nvd.nist.gov/vuln/detail/CVE-2023-29405 - NA

#### Age

- https://nvd.nist.gov/vuln/detail/CVE-2023-29403 - NA
- https://nvd.nist.gov/vuln/detail/CVE-2023-29404 - NA
- https://nvd.nist.gov/vuln/detail/CVE-2023-29402 - NA
- https://nvd.nist.gov/vuln/detail/CVE-2023-29405 - NA

#### Helm

- https://nvd.nist.gov/vuln/detail/CVE-2023-29403 - NA
- https://nvd.nist.gov/vuln/detail/CVE-2023-29404 - NA
- https://nvd.nist.gov/vuln/detail/CVE-2023-29402 - NA
- https://nvd.nist.gov/vuln/detail/CVE-2023-29405 - NA

#### Sops

- https://nvd.nist.gov/vuln/detail/CVE-2022-29526 - 5.3
- https://nvd.nist.gov/vuln/detail/CVE-2023-29403 - NA
- https://nvd.nist.gov/vuln/detail/CVE-2023-29404 - NA
- https://nvd.nist.gov/vuln/detail/CVE-2023-29402 - NA
- https://nvd.nist.gov/vuln/detail/CVE-2023-29405 - NA