[FOLIO-3246] Rebuild (= upgrade) folioci/alpine-jre-openjdk11
Created: 22/Jul/21  Updated: 14/Dec/21  Resolved: 20/Aug/21

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Story
Priority: P2
Reporter: Julian Ladisch
Assignee: David Crossley
Resolution: Done
Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to FOLIO-3366 Rebuild/upgrade folio-java-docker fol... Closed
Sprint: DevOps Sprint 121
Development Team: FOLIO DevOps

 Description   

Rebuild and deploy a new version of https://github.com/folio-org/folio-tools/tree/master/folio-java-docker/openjdk11 to upgrade the versions used in the folioci/alpine-jre-openjdk11 Docker container. No changes are needed in the Dockerfile.

This upgrades Alpine from 3.12 to 3.14 and fixes these security vulnerabilities:
• apk-tools 2.10.5-r1 to 2.12.5-r1 fixing https://nvd.nist.gov/vuln/detail/CVE-2021-30139
• busybox 1.31.1-r16 to 1.33.1-r4 fixing https://nvd.nist.gov/vuln/detail/CVE-2021-28831
• curl 7.69.1-r0 to 7.78.0-r1 fixing CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8285, CVE-2020-8286, CVE-2020-8284, CVE-2021-22876, CVE-2021-22890, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22926: https://curl.se/docs/security.html
• musl 1.1.24-r8 to 1.2.2-r3 fixing https://nvd.nist.gov/vuln/detail/CVE-2020-28928
• openssl 1.1.1g-r0 to 1.1.1k-r0 fixing https://nvd.nist.gov/vuln/detail/CVE-2020-1971, https://nvd.nist.gov/vuln/detail/CVE-2021-23839, https://nvd.nist.gov/vuln/detail/CVE-2021-23840, https://nvd.nist.gov/vuln/detail/CVE-2021-23841, https://nvd.nist.gov/vuln/detail/CVE-2021-3449, https://nvd.nist.gov/vuln/detail/CVE-2021-3450
• p11-kit 0.23.20-r5 to 0.23.22-r0 fixing https://nvd.nist.gov/vuln/detail/CVE-2020-29361, https://nvd.nist.gov/vuln/detail/CVE-2020-29362, https://nvd.nist.gov/vuln/detail/CVE-2020-29363



 Comments   
Comment by David Crossley [ 20/Aug/21 ]

Built and pushed as "1.1.0" and "latest".
