[FOLIO-3366] Rebuild/upgrade folio-java-docker folioci/alpine-jre-openjdk11
Created: 14/Dec/21 | Updated: 23/Dec/21 | Resolved: 23/Dec/21

| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P3 |
| Reporter: | David Crossley | Assignee: | David Crossley |
| Resolution: | Done | Votes: | 0 |
| Labels: | security, security-reviewed |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Issue links: | |
| Sprint: | DevOps Sprint 130, DevOps Sprint 129 |
| Development Team: | FOLIO DevOps |

| Description |
Rebuild and deploy a new version of https://github.com/folio-org/folio-tools/tree/master/folio-java-docker/openjdk11 to upgrade the package versions used in the folioci/alpine-jre-openjdk11 Docker container. No changes are needed in the Dockerfile. This upgrades Alpine from 3.14 to 3.15.
| Comments |
| Comment by Craig McNally [ 16/Dec/21 ] |

The security team has reviewed this and feels that while it's not urgent, it would be nice to have this done soon.
| Comment by Julian Ladisch [ 21/Dec/21 ] |

Issues in folioci/alpine-jre-openjdk11:1.1.0 that the upgrade will remove:

| NAME | INSTALLED | FIXED-IN | VULNERABILITY | SEVERITY |
| busybox | 1.33.1-r3 | 1.33.1-r4 | CVE-2021-42374 | Medium |
| busybox | 1.33.1-r3 | 1.33.1-r5 | CVE-2021-42375 | Medium |
| busybox | 1.33.1-r3 | 1.33.1-r6 | CVE-2021-42378 | High |
| busybox | 1.33.1-r3 | 1.33.1-r6 | CVE-2021-42379 | High |
| busybox | 1.33.1-r3 | 1.33.1-r6 | CVE-2021-42380 | High |
| busybox | 1.33.1-r3 | 1.33.1-r6 | CVE-2021-42381 | High |
| busybox | 1.33.1-r3 | 1.33.1-r6 | CVE-2021-42382 | High |
| busybox | 1.33.1-r3 | 1.33.1-r6 | CVE-2021-42383 | High |
| busybox | 1.33.1-r3 | 1.33.1-r6 | CVE-2021-42384 | High |
| busybox | 1.33.1-r3 | 1.33.1-r6 | CVE-2021-42385 | High |
| busybox | 1.33.1-r3 | 1.33.1-r6 | CVE-2021-42386 | High |
| curl | 7.78.0-r0 | 7.79.0-r0 | CVE-2021-22945 | Critical |
| curl | 7.78.0-r0 | 7.79.0-r0 | CVE-2021-22946 | High |
| curl | 7.78.0-r0 | 7.79.0-r0 | CVE-2021-22947 | Medium |
| libcrypto1.1 | 1.1.1k-r0 | 1.1.1l-r0 | CVE-2021-3711 | Critical |
| libcrypto1.1 | 1.1.1k-r0 | 1.1.1l-r0 | CVE-2021-3712 | High |
| libcurl | 7.78.0-r0 | 7.79.0-r0 | CVE-2021-22945 | Critical |
| libcurl | 7.78.0-r0 | 7.79.0-r0 | CVE-2021-22946 | High |
| libcurl | 7.78.0-r0 | 7.79.0-r0 | CVE-2021-22947 | Medium |
| libssl1.1 | 1.1.1k-r0 | 1.1.1l-r0 | CVE-2021-3711 | Critical |
| libssl1.1 | 1.1.1k-r0 | 1.1.1l-r0 | CVE-2021-3712 | High |
| openjdk11-jre-headless | 11.0.11_p9-r0 | 11.0.12_p7-r0 | CVE-2021-2341 | Low |
| openjdk11-jre-headless | 11.0.11_p9-r0 | 11.0.12_p7-r0 | CVE-2021-2369 | Medium |
| openjdk11-jre-headless | 11.0.11_p9-r0 | 11.0.12_p7-r0 | CVE-2021-2388 | High |
| ssl_client | 1.33.1-r3 | 1.33.1-r4 | CVE-2021-42374 | Medium |

The issues are hard to exploit in FOLIO modules, though.
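The scan rows above are exactly what a maintainer wants to re-check once the image is rebuilt: every package must land at or above its FIXED-IN version. The script below is an added example, not code from folio-tools or from this issue. It parses a report in the five-column format shown in the comment, derives the highest FIXED-IN version each package must reach, and compares that against an `apk list --installed`-style package listing from the rebuilt image. The scan rows it embeds are a subset of those above; the rebuilt-image package versions are constructed for the example and are not those of the real 1.2.0 image; the version ordering is a simplification of apk's rules that is sufficient for the versions in this report.

```python
import re
from collections import Counter

# Constructed sample: a subset of the scan rows in the comment above, same format.
SCAN_REPORT = """\
NAME INSTALLED FIXED-IN VULNERABILITY SEVERITY
busybox 1.33.1-r3 1.33.1-r4 CVE-2021-42374 Medium
busybox 1.33.1-r3 1.33.1-r5 CVE-2021-42375 Medium
busybox 1.33.1-r3 1.33.1-r6 CVE-2021-42378 High
curl 7.78.0-r0 7.79.0-r0 CVE-2021-22945 Critical
curl 7.78.0-r0 7.79.0-r0 CVE-2021-22947 Medium
libcrypto1.1 1.1.1k-r0 1.1.1l-r0 CVE-2021-3711 Critical
libssl1.1 1.1.1k-r0 1.1.1l-r0 CVE-2021-3712 High
openjdk11-jre-headless 11.0.11_p9-r0 11.0.12_p7-r0 CVE-2021-2388 High
ssl_client 1.33.1-r3 1.33.1-r4 CVE-2021-42374 Medium
"""

# Constructed sample of `apk list --installed` output from a rebuilt image.
# These versions are made up for the example; they are not the real 1.2.0 image.
REBUILT_PACKAGES = """\
busybox-1.34.1-r3 x86_64 {busybox} (GPL-2.0-only) [installed]
curl-7.80.0-r0 x86_64 {curl} (MIT) [installed]
libcrypto1.1-1.1.1l-r7 x86_64 {openssl} (OpenSSL) [installed]
libssl1.1-1.1.1l-r7 x86_64 {openssl} (OpenSSL) [installed]
openjdk11-jre-headless-11.0.13_p8-r0 x86_64 {openjdk11} (GPL-2.0-with-classpath-exception) [installed]
ssl_client-1.34.1-r3 x86_64 {busybox} (GPL-2.0-only) [installed]
"""

EXPECTED_HEADER = ["NAME", "INSTALLED", "FIXED-IN", "VULNERABILITY", "SEVERITY"]


def apk_version_key(version):
    """Sortable key for Alpine versions such as 1.1.1k-r0 or 11.0.12_p7-r0.
    Simplified: digit runs compare numerically, letter runs lexically. This
    orders every version in the report correctly but is not full apk-tools
    semantics (no special handling of _alpha/_rc pre-release suffixes)."""
    return tuple((1, int(t)) if t.isdigit() else (0, t)
                 for t in re.findall(r"\d+|[a-z]+", version.lower()))


def parse_scan_report(text):
    """Parse the five-column scanner table into a list of finding dicts."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if lines[0].split() != EXPECTED_HEADER:
        raise ValueError("unexpected report header: %r" % lines[0])
    rows = []
    for line in lines[1:]:
        name, installed, fixed_in, vuln, severity = line.split()
        rows.append({"name": name, "installed": installed, "fixed_in": fixed_in,
                     "vulnerability": vuln, "severity": severity})
    return rows


def severity_counts(rows):
    """Findings per severity, for a quick triage summary."""
    return Counter(r["severity"] for r in rows)


def required_floors(rows):
    """Highest FIXED-IN version per package: the minimum the rebuilt image must
    carry to clear every finding against that package."""
    floors = {}
    for r in rows:
        cur = floors.get(r["name"])
        if cur is None or apk_version_key(r["fixed_in"]) > apk_version_key(cur):
            floors[r["name"]] = r["fixed_in"]
    return floors


# `apk list` prints "<name>-<version> <arch> {<origin>} (<license>) [installed]";
# the version is the part starting at the first "-<digit>" after the name.
_PKG_LINE = re.compile(r"^(?P<name>\S+?)-(?P<version>\d\S*)\s")


def parse_installed(text):
    """Map package name -> installed version from `apk list --installed` output."""
    pkgs = {}
    for line in text.splitlines():
        m = _PKG_LINE.match(line)
        if m:
            pkgs[m.group("name")] = m.group("version")
    return pkgs


def unresolved(rows, installed):
    """Findings whose package is absent or still below its FIXED-IN version.
    Returns (vulnerability, package, installed-or-None, fixed_in) tuples."""
    out = []
    for r in rows:
        have = installed.get(r["name"])
        if have is None or apk_version_key(have) < apk_version_key(r["fixed_in"]):
            out.append((r["vulnerability"], r["name"], have, r["fixed_in"]))
    return out


if __name__ == "__main__":
    findings = parse_scan_report(SCAN_REPORT)
    print("by severity:", dict(severity_counts(findings)))
    print("required floors:", required_floors(findings))
    left = unresolved(findings, parse_installed(REBUILT_PACKAGES))
    print("unresolved after rebuild:", left or "none")
```

Run it against the real scanner table and the rebuilt image's `apk list --installed` output to confirm that nothing in the report survives the rebuild; a non-empty `unresolved` list names the exact package and the version it still needs.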
| Comment by David Crossley [ 21/Dec/21 ] |

Moving to Alpine 3.15 will bring Node.js 16 and PostgreSQL 14. Julian Ladisch, I gather that that is okay, as the purpose of this Docker image is to provide Java. Is that okay?
| Comment by Julian Ladisch [ 22/Dec/21 ] |

Yes, it is okay. The image neither uses node nor postgres: https://github.com/folio-org/folio-tools/blob/master/folio-java-docker/openjdk11/Dockerfile
| Comment by David Crossley [ 23/Dec/21 ] |

Built and pushed as "1.2.0" and "latest".