Fix 4.8.0 beta-5 AL2023 Vulnerabilities #1294

Merged (1 commit) on Apr 10, 2024

CarlosALgit (Member) commented Apr 10, 2024

Related issue: #1293
Changed Docker base image from amazonlinux:2023.3.20240304.0 to amazonlinux:2023 as this change fixes the following known vulnerabilities:

| Vulnerability | Package |
| --- | --- |
| ALAS-2024-573 | python3-rpm |
| ALAS-2024-581 | libcurl-minimal |
| ALAS-2024-576 | expat |

Following this, the manager, indexer and dashboard images have been built without issues.

Finally, the deployment was made and it was validated that it did so without any issue.

I have also run the grype vulnerability scanner on this image and this is the result:

grype amazonlinux:2023 -o table
 ✔ Vulnerability DB                [updated]
 ✔ Pulled image
 ✔ Loaded image                                                        amazonlinux:2023.4.20240401.1
 ✔ Parsed image                    sha256:8395af9ef0b53df535732e1e12e1f2e99b6fb57f6b781431e6410f930b
 ✔ Cataloged contents               abc9bdf55348cb0fc3369546025cb70f452c501fbedf5af4f48e484323d91822
   ├── ✔ Packages                        [108 packages]
   ├── ✔ File digests                    [5,060 files]
   ├── ✔ File metadata                   [5,060 locations]
   └── ✔ Executables                     [272 executables]
 ✔ Scanned for vulnerabilities     [0 vulnerability matches]
   ├── by severity: 0 critical, 0 high, 0 medium, 0 low, 0 negligible
   └── by status:   0 fixed, 0 not-fixed, 0 ignored
No vulnerabilities found 
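
Because `amazonlinux:2023` resolves to whichever release is current at build time (2023.4.20240401.1 in the scan above), the same check is worth repeating on every build. The following is an added example, not part of the PR or the project's code: it audits a parsed `grype <image> -o json` report for the three advisories listed in the description. It assumes grype's `matches[].vulnerability.id`, `matches[].vulnerability.severity` and `matches[].artifact.name` fields and that advisory IDs appear in the form written in the PR; the sample reports and their severities are constructed.

```python
import json

# Advisory -> package, as listed in the PR description above.
FIXED_BY_PR = {
    "ALAS-2024-573": "python3-rpm",
    "ALAS-2024-581": "libcurl-minimal",
    "ALAS-2024-576": "expat",
}
RANK = {"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


def audit(report, fail_on="high"):
    """Return (regressions, blockers) found in a parsed grype JSON report.

    regressions: advisories from FIXED_BY_PR that still match a package.
    blockers: any match at or above `fail_on`; unrecognised severities are
    treated as blockers so they are never silently passed.
    """
    regressions, blockers = [], []
    for match in report.get("matches", []):
        vuln = match.get("vulnerability", {})
        pkg = match.get("artifact", {}).get("name", "?")
        vid = vuln.get("id", "?")
        if vid in FIXED_BY_PR:
            regressions.append((vid, pkg))
        rank = RANK.get(str(vuln.get("severity", "")).lower())
        if rank is None or rank >= RANK[fail_on]:
            blockers.append((vid, pkg))
    return sorted(regressions), sorted(blockers)


# Constructed sample reports (not real scanner output; severities are made up).
PINNED = json.loads("""{"matches": [
  {"vulnerability": {"id": "ALAS-2024-576", "severity": "High"},
   "artifact": {"name": "expat", "version": "0.0.0-constructed"}},
  {"vulnerability": {"id": "ALAS-2024-581", "severity": "Medium"},
   "artifact": {"name": "libcurl-minimal", "version": "0.0.0-constructed"}},
  {"vulnerability": {"id": "EXAMPLE-0001", "severity": "Unknown"},
   "artifact": {"name": "example-pkg", "version": "0.0.0-constructed"}}
]}""")
REBUILT = json.loads('{"matches": []}')

if __name__ == "__main__":
    for name, report in (("pinned", PINNED), ("rebuilt", REBUILT)):
        regressions, blockers = audit(report)
        print(name, "regressions:", regressions, "blockers:", blockers)
```

In CI, a non-empty `regressions` or `blockers` list would be the condition for failing the image build.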

@CarlosALgit CarlosALgit requested a review from a team April 10, 2024 09:46
@CarlosALgit CarlosALgit self-assigned this Apr 10, 2024
@CarlosALgit CarlosALgit linked an issue Apr 10, 2024 that may be closed by this pull request
davidcr01 (Contributor) previously approved these changes Apr 10, 2024

LGTM, GJ!

@CarlosALgit CarlosALgit force-pushed the 1293-fix-480-beta5-al2023-vulnerabilities branch from 10196ac to 92d6f87 Compare April 10, 2024 11:19
teddytpc1 (Member) commented

The error logs in the checks are expected.

@teddytpc1 teddytpc1 merged commit b62a1d5 into 4.8.0 Apr 10, 2024
3 of 5 checks passed
@teddytpc1 teddytpc1 deleted the 1293-fix-480-beta5-al2023-vulnerabilities branch April 10, 2024 15:04