flyway/11.17.0-r0: cve remediation#71913
Closed
octo-sts[bot] wants to merge 1 commit into
Closed
Chainguard Internal / elastic-build
succeeded
Nov 13, 2025 in 5m 46s
APKs built successfully
Build ID: d07b1cfc-08c1-4ea5-95c8-c81d59e49570
Details
builds
x86_64 Logs
Click to expand
/netty/netty-resolver-dns-native-macos-4.2.7.Final-osx-x86_64.jar (macos)
- usr/share/java/flyway/lib/netty/netty-tcnative-boringssl-static-2.0.74.Final-osx-aarch_64.jar (macos)
- usr/share/java/flyway/lib/netty/netty-tcnative-boringssl-static-2.0.74.Final-osx-x86_64.jar (macos)
- usr/share/java/flyway/lib/netty/netty-tcnative-boringssl-static-2.0.74.Final-windows-x86_64.jar (windows)
- usr/share/java/flyway/lib/netty/netty-transport-native-kqueue-4.2.7.Final-osx-x86_64.jar (macos)
[opt] flyway writes to /opt
→ This package should be a -compat package
- opt/java/openjdk/bin
- opt/java/openjdk/conf
- opt/java/openjdk/legal
- opt/java/openjdk/lib
- opt/java/openjdk/release
no lint findings to persist for package flyway
checking license information
LICENSE.md: Apache-2.0 (0.996815) (notice)
LICENSE.txt: NOASSERTION (0.000000 low-confidence) (unknown)
flyway-docker/LICENSE: Apache-2.0 (1.000000) (notice)
flyway-commandline/target/classes/META-INF/LICENSE.txt: NOASSERTION (0.000000 low-confidence) (unknown)
flyway-core/target/classes/META-INF/LICENSE.txt: NOASSERTION (0.000000 low-confidence) (unknown)
flyway-reports/target/classes/META-INF/LICENSE.txt: NOASSERTION (0.000000 low-confidence) (unknown)
checking gathered license information against the configuration
no license differences detected
following license files could not be confidently assessed:
LICENSE.txt: NOASSERTION (0.000000) (unknown)
flyway-commandline/target/classes/META-INF/LICENSE.txt: NOASSERTION (0.000000) (unknown)
flyway-core/target/classes/META-INF/LICENSE.txt: NOASSERTION (0.000000) (unknown)
flyway-reports/target/classes/META-INF/LICENSE.txt: NOASSERTION (0.000000) (unknown)
could not identify some licenses, please check the configuration
license information check complete
invalid license: NOASSERTION
writing SBOM for flyway
generating package flyway-11.17.0-r1
scanning for ld.so.conf.d files...
scanning for shared object dependencies...
scanning for commands...
scanning for -doc package...
scanning for pkg-config data...
scanning for python modules...
scanning for ruby gems...
scanning for shbang deps...
runtime:
bash
openjdk-17-jre
installed-size: 239067839
data.tar.gz digest: 0571eb30ffd3d73b4b31887c240f5a122edceab47395b9b68dc8a59eca96ad5c
wrote packages/x86_64/flyway-11.17.0-r1.apk
cleaning Workspace by removing 33 file/directories in /home/build
generating apk index from packages in packages/x86_64
processing package packages/x86_64/flyway-11.17.0-r1.apk
updating index at packages/x86_64/APKINDEX.tar.gz with new packages: [flyway-11.17.0-r1]
qemu: sending shutdown signal
command "melange" completed successfully
build completed successfully
running malcontent scan...
found 1 APK files to scan
scanning packages/x86_64/flyway-11.17.0-r1.apk -> packages/flyway-11.17.0-r1/mal-scan.json
running command mal [--format=json --exit-extraction=false --min-risk=critical --min-file-risk=critical --quantity-increases-risk=true --output=packages/flyway-11.17.0-r1/mal-scan.json scan packages/x86_64/flyway-11.17.0-r1.apk]
command "mal" completed successfully
malcontent scan completed successfully for 1 APKs in 20s
creating packages tarball...
running command tar [-C packages -cf packages.tar .]
command "tar" completed successfully
packages.tar sha256sum: c5a55b3d2fb0824752fcdf4f2df2068da47bb9ce9458e517f040cbc42965aa8d
sha256sum "c5a55b3d2fb0824752fcdf4f2df2068da47bb9ce9458e517f040cbc42965aa8d" written to /dev/termination-log
Built 1 packages, hash: c5a55b3d2fb0824752fcdf4f2df2068da47bb9ce9458e517f040cbc42965aa8d, size: 221807104 bytes
uploading final packages tarball...
running command curl [-s --upload-file packages.tar -H Content-Type: application/octet-stream https://storage.googleapis.com/prod-bundle-staging/wolfi/x86_64/1762992296694465807-flyway-11.17.0-r1.tar.gz?Expires=1763035496&GoogleAccessId=ebuild-zasv64d5x1oc4m3epw39yod%40prod-enforce-fabc.iam.gserviceaccount.com&Signature=M8HJGZqeU79AW0yvHhoxtYzD0escv2Sf44mm%2FzI21uGBUiy7RAHpC2usWnSdIV7gmQrCjXJBVY%2BkXYCvwTREM7zCDs0WnOTzWnziHyQQMOfTD7bOj%2FuVVXRS%2BvgskvY%2Bp4aox9FaiVx%2Biaq2Yq5lmG3k39pFoO8Tj30QSgyn4eE2nZ3IKfa%2FbhcfTSLwdCtexDtp7114%2FfAZGy85AfE%2B5%2BWZF4CHj%2FayfyZN1ZFlI%2B9nY6OOYBfBdXmjQMOXO13gq2aB4zmONd9zZIlIaRNitUNmndHDkJ6m18H7HRbABdZaAoHtWIg0D%2FNW65qZV5%2F2eGI8kGj5T4OpBpfIhgACjg%3D%3D]
command "curl" completed successfully
upload completed successfully
parsed env
configuring puller identity "720909c9f5279097d847ad02a2f24ba8f59de36a/a49c7fedc33adf69"...
running command chainctl [auth login --audience apk.cgr.dev --identity 720909c9f5279097d847ad02a2f24ba8f59de36a/a49c7fedc33adf69]
Successfully exchanged token.
Valid! Id: 720909c9f5279097d847ad02a2f24ba8f59de36a/a49c7fedc33adf69
Updates are available for chainctl (current version: 0.2.174; latest: 0.2.175). To install, please run:
$ chainctl update
command "chainctl" completed successfully
puller identity configured successfully
puller identity configured successfully
running tests...
running command /usr/bin/dind [dockerd] in background
command "/usr/bin/dind" started successfully
running command bash [-c
# Retry up to 60 seconds to wait for docker to start.
worked=false
for i in $(seq 60); do
if docker info >/dev/null 2>&1; then
worked=true
break
fi
echo "docker healthcheck failed, docker is not ready, retrying... ($i/60 seconds so far)..."
sleep 1
done
if [ "$worked" = "false" ]; then
echo "Failed to start docker after 60 seconds"
exit 1
fi
]
command "bash" completed successfully
running command melange [test flyway.yaml --gcplog --source-dir flyway --test-package-append wolfi-base --arch=x86_64 --env-file=build-x86_64.env --pipeline-dirs=./pipelines --runner=qemu --repository-append=https://apk.cgr.dev/chainguard --repository-append=https://apk.cgr.dev/wolfi-presubmit/45289b736d15ce5ba9375834e20f286021b58100 --repository-append=https://apk.cgr.dev/wolfi-presubmit/45289b736d15ce5ba9375834e20f286021b58100]
melange v0.33.0 with runner qemu is testing:
image configuration:
contents:
build repositories: []
runtime repositories: []
repositories: []
keyring: []
packages: [flyway]
accounts:
runas:
users:
- uid=1000(build) gid=1000
groups:
- gid=1000(build) members=[build]
installing wolfi-baselayout (20230201-r24)
installing ca-certificates-bundle (20251003-r0)
installing ncurses-terminfo-base (6.5_p20251025-r1)
installing libgcc (15.2.0-r6)
installing glibc-locale-posix (2.42-r4)
installing glibc (2.42-r4)
installing ld-linux (2.42-r4)
installing ncurses (6.5_p20251025-r1)
installing bash (5.3-r3)
installing libbrotlicommon1 (1.2.0-r1)
installing libbrotlidec1 (1.2.0-r1)
installing zlib (1.3.1-r51)
installing libpng (1.6.50-r2)
installing libbz2-1 (1.0.8-r21)
installing freetype (2.14.1-r0)
installing libxau (1.0.12-r3)
installing libxdmcp (1.1.5-r9)
installing libxcb (1.17.0-r8)
installing libx11 (1.8.12-r3)
installing libxext (1.3.6-r7)
installing libxi (1.8.2-r4)
installing libxtst (1.2.5-r4)
installing ttf-dejavu (2.37-r7)
installing alsa-lib (1.2.14-r2)
installing lcms2 (2.17-r5)
installing libxrender (0.9.12-r4)
installing giflib (5.2.2-r11)
installing libjpeg-turbo (3.1.2-r1)
installing fontconfig-config (2.17.1-r1)
installing libexpat1 (2.7.3-r0)
installing libfontconfig1 (2.17.1-r1)
installing libtasn1 (4.20.0-r5)
installing libffi (3.5.2-r1)
installing p11-kit (0.25.10-r0)
installing p11-kit-trust (0.25.10-r0)
installing libcrypto3 (3.6.0-r3)
installing ca-certificates (20251003-r0)
installing java-cacerts (20251003-r0)
installing openjdk-17-jre (17.0.17-r0)
installing flyway (11.17.0-r1)
installing wolfi-keys (1-r12)
installing libssl3 (3.6.0-r3)
installing apk-tools (2.14.10-r9)
installing libxcrypt (4.5.2-r0)
installing libcrypt1 (2.42-r4)
installing busybox (1.37.0-r50)
installing wolfi-base (1-r7)
populating workspace /tmp/melange-workspace-351808036 from flyway
qemu: generating ssh key pairs for ephemeral VM
qemu: generating SSH host key for VM
qemu: generating base initramfs
image configuration:
contents:
build repositories: [https://apk.cgr.dev/chainguard]
runtime repositories: []
repositories: []
keyring: []
packages: [microvm-init]
installing wolfi-baselayout (20230201-r24)
installing ca-certificates-bundle (20251003-r0)
installing libgcc (15.2.0-r6)
installing glibc-locale-posix (2.42-r4)
installing glibc (2.42-r4)
installing ld-linux (2.42-r4)
installing gnutar-rmt (1.35-r6)
installing gnutar (1.35-r6)
installing libattr1 (2.5.2-r54)
installing attr (2.5.2-r54)
installing zlib (1.3.1-r51)
installing libzstd1 (1.5.7-r5)
installing xz (5.8.1-r6)
installing libcrypto3 (3.6.0-r3)
installing kmod (34.2-r42)
installing libmnl (1.0.5-r6)
installing libbz2-1 (1.0.8-r21)
installing libelf (0.194-r0)
installing libbpf (1.6.2-r0)
installing libverto (0.3.2-r6)
installing krb5-conf (1.0-r7)
installing libcom_err (1.47.3-r1)
installing keyutils-libs (1.6.3-r37)
installing libssl3 (3.6.0-r3)
installing krb5-libs (1.22.1-r1)
installing libtirpc (1.3.7-r1)
installing libnftnl (1.3.0-r0)
installing xtables (1.8.11-r28)
installing libpcre2-8-0 (10.47-r0)
installing libsepol (3.9-r1)
installing libselinux (3.9-r1)
installing libcap (2.77-r0)
installing iproute2 (6.17.0-r2)
installing libstdc++ (15.2.0-r6)
installing inih (62-r1)
installing liburcu (0.15.5-r0)
installing libblkid (2.41.2-r1)
installing libuuid (2.41.2-r1)
installing xfsprogs-core (6.17.0-r2)
installing xfsprogs (6.17.0-r2)
installing libmount (2.41.2-r1)
installing mount (2.41.2-r1)
installing ncurses-terminfo-base (6.5_p20251025-r1)
installing ncurses (6.5_p20251025-r1)
installing setarch (2.41.2-r1)
installing libfdisk (2.41.2-r1)
installing sqlite-libs (3.51.0-r0)
installing util-linux (2.41.2-r1)
installing libsmartcols (2.41.2-r1)
installing util-linux-misc (2.41.2-r1)
installing libxcrypt (4.5.2-r0)
installing libcrypt1 (2.42-r4)
installing linux-pam (1.7.1-r2)
installing openssh-keygen (10.2_p1-r2)
installing openssh-server-config (10.2_p1-r2)
installing openssh-server (10.2_p1-r2)
installing busybox (1.37.0-r50)
installing microvm-init (0.0.1-r14)
qemu: starting VM
qemu: waiting for SSH
aarch64 Logs
Click to expand
e apko.local/cache:288d920676f40e2cfa9934bc9b2fedc9644f36c144abf0182274ff39beb7c065 as index.docker.io/library/melange:latest
populating workspace /tmp/melange-workspace-313142857 from flyway
running the main test pipeline
running step "Test CLI basics"
Usage
flyway [options] [command]
flyway help [command]
By default, the configuration will be read from conf/flyway.toml file.
Options passed from the command-line override the configuration.
Commands
help Print this usage info and exit
migrate Migrates the database
clean Drops all objects in the configured schemas
info Prints the information about applied, current and pending migrations
validate Validates the applied migrations against the ones on the classpath
baseline Baselines an existing database at the baselineVersion
repair Repairs the schema history table
testConnection Attempts to establish a connection to the database using the configured connection settings
version, -v, --version Print the Flyway version and edition
list-engines Lists the database engines that Flyway has loaded support for.
Configuration parameters (Format: -key=value)
driver Fully qualified classname of the JDBC driver
url Jdbc url to use to connect to the database
user User to use to connect to the database
password Password to use to connect to the database
connectRetries Maximum number of retries when attempting to connect to the database
initSql SQL statements to run to initialize a new database connection
schemas Comma-separated list of the schemas managed by Flyway
table Name of Flyway's schema history table
locations Classpath locations to scan recursively for migrations
failOnMissingLocations Whether to fail if a location specified in the flyway.locations option doesn't exist
resolvers Comma-separated list of custom MigrationResolvers
skipDefaultResolvers Skips default resolvers (jdbc, sql and Spring-jdbc)
sqlMigrationPrefix File name prefix for versioned SQL migrations
undoSqlMigrationPrefix [teams] File name prefix for undo SQL migrations
repeatableSqlMigrationPrefix File name prefix for repeatable SQL migrations
sqlMigrationSeparator File name separator for SQL migrations
sqlMigrationSuffixes Comma-separated list of file name suffixes for SQL migrations
stream [teams] Stream SQL migrations when executing them
batch [teams] Batch SQL statements when executing them
mixed Allow mixing transactional and non-transactional statements
encoding Encoding of SQL migrations
detectEncoding [teams] Whether Flyway should try to automatically detect SQL migration file encoding
executeInTransaction Whether SQL should execute within a transaction
placeholderReplacement Whether placeholders should be replaced
placeholders Placeholders to replace in sql migrations
placeholderPrefix Prefix of every placeholder
placeholderSuffix Suffix of every placeholder
scriptPlaceholderPrefix Prefix of every script placeholder
scriptPlaceholderSuffix Suffix of every script placeholder
lockRetryCount The maximum number of retries when trying to obtain a lock
jdbcProperties Properties to pass to the JDBC driver object
installedBy Username that will be recorded in the schema history table
target Target version up to which Flyway should use migrations
cherryPick [teams] Comma separated list of migrations that Flyway should consider when migrating
skipExecutingMigrations Whether Flyway should skip actually executing the contents of the migrations
outOfOrder Allows migrations to be run "out of order"
callbacks Comma-separated list of FlywayCallback classes, or locations to scan for FlywayCallback classes
skipDefaultCallbacks Skips default callbacks (sql)
validateOnMigrate Validate when running migrate
validateMigrationNaming Validate file names of SQL migrations (including callbacks)
ignoreMigrationPatterns Patterns of migrations and states to ignore during validate
cleanDisabled Whether to disable clean
baselineVersion Version to tag schema with when executing baseline
baselineDescription Description to tag schema with when executing baseline
baselineOnMigrate Baseline on migrate against uninitialized non-empty schema
configFiles Comma-separated list of config files to use
configFileEncoding Encoding to use when loading the config files
jarDirs Comma-separated list of dirs for Jdbc drivers & Java migrations
createSchemas Whether Flyway should attempt to create the schemas specified in the schemas property
dryRunOutput [teams] File where to output the SQL statements of a migration dry run
errorOverrides [teams] Rules to override specific SQL states and errors codes
color Whether to colorize output. Values: always, never, or auto (default)
outputFile Send output to the specified file alongside the console
outputType Serialise the output in the given format, Values: json
Flags
-X Print debug output
-q Suppress all output, except for errors and warnings
--help, -h, -? Print this usage info and exit
Flyway Usage Example
flyway -user=myuser -password=s3cr3t -url=jdbc:h2:mem -placeholders.abc=def migrate
flyway help check
More info at https://rd.gt/3Cc1xKC
WARNING: No locations configured and default location 'sql' not found.
Flyway OSS Edition 11.17.0 by Redgate
See release notes here: https://rd.gt/416ObMi
Plugin Name | Version
--------------------------------- | ---------
OceanBase | 10.24.0
TiDB | 10.24.0
QuestDB | 10.24.0
DB2 for z/OS | 10.24.0
YugabyteDB | 10.24.0
ClickHouse | 10.24.0
Apache Ignite | 10.24.0
CUBRID | 10.24.0
Databricks | 10.24.0
Timeplus | 10.24.0
DuckDB | 10.24.0
InterSystems IRIS Data Platform | 10.24.0
WARNING: No locations configured and default location 'sql' not found.
Flyway OSS Edition 11.17.0 by Redgate
See release notes here: https://rd.gt/416ObMi
Database Name
---------------------------------
OceanBase
CockroachDB
Redshift
TiDB
QuestDB
DB2 for z/OS
MariaDB
YugabyteDB
Azure Synapse
Fabric Data Warehouse
PostgreSQL
HSQLDB
Snowflake
DB2
Firebird
Derby
SingleStoreDB
ClickHouse
Apache Ignite
MySQL
CUBRID
Databricks
Timeplus
Sybase ASE
Sybase ASE
H2
SQLite
Testcontainers
DuckDB
Informix
InterSystems IRIS Data Platform
SAP HANA
Google Big Query
SQL Server
Oracle
Cassandra
Google Cloud Spanner
running step "Test basic migration"
Flyway OSS Edition 11.17.0 by Redgate
See release notes here: https://rd.gt/416ObMi
Database: jdbc:h2:mem:db (H2 2.3)
Schema history table "PUBLIC"."flyway_schema_history" does not exist yet
Successfully validated 2 migrations (execution time 00:00.011s)
Creating Schema History table "PUBLIC"."flyway_schema_history" ...
Current version of schema "PUBLIC": << Empty Schema >>
Migrating schema "PUBLIC" to version "1 - Create person table"
Migrating schema "PUBLIC" to version "2 - add people"
Successfully applied 2 migrations to schema "PUBLIC", now at version v2 (execution time 00:00.003s)
Flyway OSS Edition 11.17.0 by Redgate
See release notes here: https://rd.gt/416ObMi
Database: jdbc:h2:mem:db (H2 2.3)
Schema history table "PUBLIC"."flyway_schema_history" does not exist yet
Schema version: << Empty Schema >>
+-----------+---------+---------------------+------+--------------+---------+----------+
| Category | Version | Description | Type | Installed On | State | Undoable |
+-----------+---------+---------------------+------+--------------+---------+----------+
| Versioned | 1 | Create person table | SQL | | Pending | No |
| Versioned | 2 | add people | SQL | | Pending | No |
+-----------+---------+---------------------+------+--------------+---------+----------+
pod c9e5e9ea6e78f0d781aac72562dc30bb6cbd9a610ff6185e2de103b40cf282d1 terminated
command "melange" completed successfully
tests completed successfully
all tests passed
Indexes
https://apk.cgr.dev/wolfi-presubmit/45289b736d15ce5ba9375834e20f286021b58100
Packages
- ✅ flyway (success | 3m18s | x86_64 logs | aarch64 logs)
Tests
- ✅ flyway (success | 28s | x86_64 logs | aarch64 logs)
More Observability
Command
cg build log \
--build-id d07b1cfc-08c1-4ea5-95c8-c81d59e49570 \
--project prod-wolfi-os \
--cluster elastic-pre-a \
--namespace pre-wolfi \
--start 2025-11-13T00:03:14Z \
--end 2025-11-13T00:19:01Z
Loading