[FOLIO-3598] Upgrade folio-helm docker/create-tenant/Dockerfile fixing CVE-2022-37434 Created: 22/Sep/22  Updated: 12/Oct/22  Resolved: 11/Oct/22

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Bug Priority: P3
Reporter: Julian Ladisch Assignee: Unassigned
Resolution: Done Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Development Team: FOLIO DevOps
RCA Group: TBD

 Description   

Upgrade https://github.com/folio-org/folio-helm/blob/master/docker/create-tenant/Dockerfile by bumping Alpine from 3.11 (end of support since 2021-11-01: https://alpinelinux.org/releases/ ) to 3.16 and using apk upgrade to bump zlib from 1.2.11-r3 to zlib/zlib@1.2.11-r4 fixing https://nvd.nist.gov/vuln/detail/CVE-2022-37434

 



 Comments   
Comment by Oleksii Petrenko [ 04/Oct/22 ]

Reassigned to FOLIO DevOps team, because it is out of Kitfox responsibilities

Comment by David Crossley [ 07/Oct/22 ]

All commits and work with folio-helm have not involved the "FOLIO DevOps" team.

(Other interested parties: Jakub Skoczen)

Comment by Julian Ladisch [ 11/Oct/22 ]

Oleksii Petrenko: Why has this Jira been moved from RANCHER to FOLIO project? The merged pull requests of folio-helm has been in the RANCHER project: https://github.com/folio-org/folio-helm/commits/master

Comment by Julian Ladisch [ 11/Oct/22 ]

Most contributors https://github.com/folio-org/folio-helm/graphs/contributors are member of the https://github.com/orgs/folio-org/teams/folio-devops team:

Comment by David Crossley [ 12/Oct/22 ]

As i noted in an earlier comment, those are not members of the "FOLIO DevOps" team, but rather the "Kitfox" team.

Comment by Julian Ladisch [ 12/Oct/22 ]

Exactly, that's the reason why I had assigned this Jira to the Kitfox team.

Oleksii Petrenko : Why has this been changed from Kitfox team to "FOLIO DevOps" team?

Generated at Thu Feb 08 23:29:18 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.