From 78e323c570dc88853bf11ee9f09baa3e4a7a9b71 Mon Sep 17 00:00:00 2001
From: Rich Braun
Date: Wed, 3 Jul 2024 16:22:06 -0700
Subject: [PATCH] SYS-622 trivy scan fixes - postfix-python, udp-nginx, wxcam-upload
---
 .image-gitlab-ci.yml | 5 +++++
 images/postfix-python/requirements.txt | 2 +-
 images/udp-nginx-proxy/Dockerfile | 2 +-
 images/wxcam-upload/Dockerfile | 2 +-
 images/wxcam-upload/helm/Chart.yaml | 4 ++--
 5 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/.image-gitlab-ci.yml b/.image-gitlab-ci.yml
index 4123d9e0..4deb67e9 100644
--- a/.image-gitlab-ci.yml
+++ b/.image-gitlab-ci.yml
@@ -59,6 +59,11 @@ security_scan_trivy:
 --exit-code 0 --format table --output medium-vulns.txt
 - cat medium-vulns.txt
 - echo CVE-2023-2253 > .trivyignore
+ # These are for blacklist image, there's a won't-fix note for zlib1g
+ - echo CVE-2023-31484 >> .trivyignore
+ - echo CVE-2023-45853 >> .trivyignore
+ # TODO remove this openssh bypass once repo is updated
+ - echo CVE-2024-6387 >> .trivyignore
 - trivy image "${REGISTRY}/${IMAGE}:${TAG}"
 cache:
 paths: [ .trivycache ]
diff --git a/images/postfix-python/requirements.txt b/images/postfix-python/requirements.txt
index c2238fc1..38c0afd3 100644
--- a/images/postfix-python/requirements.txt
+++ b/images/postfix-python/requirements.txt
@@ -1,3 +1,3 @@
 docopt==0.6.2
-PyMySQL==1.0.2
+PyMySQL==1.1.1
 SQLAlchemy==1.3.23
diff --git a/images/udp-nginx-proxy/Dockerfile b/images/udp-nginx-proxy/Dockerfile
index 1f04e560..cdbff417 100644
--- a/images/udp-nginx-proxy/Dockerfile
+++ b/images/udp-nginx-proxy/Dockerfile
@@ -1,4 +1,4 @@
-FROM nginx:1.25.3-alpine
+FROM nginx:1.27.0-alpine
 MAINTAINER Rich Braun "docker@instantlinux.net"
 ARG BUILD_DATE
 ARG VCS_REF
diff --git a/images/wxcam-upload/Dockerfile b/images/wxcam-upload/Dockerfile
index 2d1c41b7..1e44b9a5 100644
--- a/images/wxcam-upload/Dockerfile
+++ b/images/wxcam-upload/Dockerfile
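Review bot: The three `.trivyignore` entries added in the `.image-gitlab-ci.yml` hunk sit in the shared `security_scan_trivy` job, so they suppress these CVEs for every image this template scans, not only the blacklist image the comment names; the CVE-2024-6387 openssh bypass in particular would let any image carrying the affected package pass the gate. Consider appending them only when `${IMAGE}` matches the image that needs the exception, or keeping a per-image ignore file next to that image's Dockerfile. The TODO is not enforced by anything, so the bypass can outlive the repo update; Trivy's ignore file accepts an expiry, e.g. `- echo "CVE-2024-6387 exp:<YYYY-MM-DD>" >> .trivyignore`, which makes the scan fail again after that date. The job definition starts above this hunk, so any per-image logic that already exists is not visible here.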
@@ -1,4 +1,4 @@
-FROM instantlinux/proftpd:1.3.7e-r0
+FROM instantlinux/proftpd:1.3.8b-r2
 MAINTAINER Rich Braun "docker@instantlinux.net"
 ARG BUILD_DATE
 ARG VCS_REF
diff --git a/images/wxcam-upload/helm/Chart.yaml b/images/wxcam-upload/helm/Chart.yaml
index ae2adc34..67d64d81 100644
--- a/images/wxcam-upload/helm/Chart.yaml
+++ b/images/wxcam-upload/helm/Chart.yaml
@@ -6,8 +6,8 @@ sources:
 - https://github.com/instantlinux/docker-tools
 - https://github.com/proftpd/proftpd
 type: application
-version: 0.1.2
-appVersion: "1.3.7e-r0"
+version: 0.1.3
+appVersion: "1.3.8b-r2"
 dependencies:
 - name: chartlib
 version: 0.1.8