[FOLIO-3561] folio-install TAMU: apk/apt upgrade fixing vulnerabilities Created: 24/Aug/22 Updated: 08/Mar/23 Resolved: 08/Mar/23 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Bug | Priority: | P3 |
| Reporter: | Julian Ladisch | Assignee: | jroot |
| Resolution: | Done | Votes: | 0 |
| Labels: | security, security-reviewed | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Issue links: |
|
||||||||
| Sprint: | |||||||||
| Development Team: | Other dev | ||||||||
| RCA Group: | Related dependency upgrade | ||||||||
| Description |
|
https://github.com/folio-org/folio-install/tree/master/alternative-install/kubernetes-rancher/TAMU has several Dockerfiles that have vulnerable packages. Adding apk upgrade or apt upgrade bumps to the latest patch version and fixes these vulnerabilities:
|
| Comments |
| Comment by Ann-Marie Breaux (Inactive) [ 25/Aug/22 ] |
|
Hi Julian Ladisch Which dev team should this be assigned to? Could you update that, and also the RCA value? Thank you! |
| Comment by Craig McNally [ 25/Aug/22 ] |
|
Ann-Marie Breaux the TAMU devs are handling many of these, and there isn't a team in JIRA for them. As far as RCA value it isn't clear which value is most appropriate. We're taking an educated guess in many cases. |
| Comment by Ann-Marie Breaux (Inactive) [ 25/Aug/22 ] |
|
Thanks, Craig McNally I'm going to assign Dev Team = Other, so they will drop out of the "bugs with no dev team" filter. Thank you! |