SYS-622 trivy scan fixes - postfix-python, udp-nginx, wxcam-upload

instantlinux · Jul 3, 2024 · 78e323c · 78e323c
1 parent 3df642a
commit 78e323c
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 5 deletions.
diff --git a/.image-gitlab-ci.yml b/.image-gitlab-ci.yml
@@ -59,6 +59,11 @@ security_scan_trivy:
       --exit-code 0 --format table --output medium-vulns.txt
   - cat medium-vulns.txt
   - echo CVE-2023-2253 > .trivyignore
+  # These are for blacklist image, there's a won't-fix note for zlib1g
+  - echo CVE-2023-31484 >> .trivyignore
+  - echo CVE-2023-45853 >> .trivyignore
+  # TODO remove this openssh bypass once repo is updated
+  - echo CVE-2024-6387 >> .trivyignore
   - trivy image "${REGISTRY}/${IMAGE}:${TAG}"
   cache:
     paths: [ .trivycache ]

diff --git a/images/postfix-python/requirements.txt b/images/postfix-python/requirements.txt
@@ -1,3 +1,3 @@
 docopt==0.6.2
-PyMySQL==1.0.2
+PyMySQL==1.1.1
 SQLAlchemy==1.3.23
diff --git a/images/udp-nginx-proxy/Dockerfile b/images/udp-nginx-proxy/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.25.3-alpine
+FROM nginx:1.27.0-alpine
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF

diff --git a/images/wxcam-upload/Dockerfile b/images/wxcam-upload/Dockerfile
@@ -1,4 +1,4 @@
-FROM instantlinux/proftpd:1.3.7e-r0
+FROM instantlinux/proftpd:1.3.8b-r2
 MAINTAINER Rich Braun "[email protected]"
 ARG BUILD_DATE
 ARG VCS_REF

diff --git a/images/wxcam-upload/helm/Chart.yaml b/images/wxcam-upload/helm/Chart.yaml
@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://github.com/proftpd/proftpd
 type: application
-version: 0.1.2
-appVersion: "1.3.7e-r0"
+version: 0.1.3
+appVersion: "1.3.8b-r2"
 dependencies:
 - name: chartlib
   version: 0.1.8