[FOLIO-3618] Rebuild folioci/jenkins-slave-all for java-17 and java-11
Created: 26/Oct/22  Updated: 03/Nov/22  Resolved: 03/Nov/22

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Task
Priority: P1
Reporter: David Crossley
Assignee: David Crossley
Resolution: Done
Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint: DevOps Sprint 151
Development Team: FOLIO DevOps
RCA Group: Related dependency upgrade

 Description   

These Docker images are used by Jenkins for all back-end modules, which specify via their Jenkinsfile which version to use, java-17 or java-11 (see doc). The java-11 image is used for platform and reference environments.

Rebuild folio-tools/jenkins-slave-docker via Dockerfile.jammy-java-17 and Dockerfile.jammy-java-11

The latest docker images

  • "folioci/jenkins-slave-all:java-17" and "3.0.6".
  • "folioci/jenkins-slave-all:java-11" and "2.10.6".

use openssl 3.0.2-0ubuntu1.6 that has two severe security vulnerabilities:

An Ubuntu patch is available: https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.7

When rebuilding jenkins-slave the patch will automatically be used. No other work than doing the rebuild is required.



 Comments   
Comment by David Crossley [ 03/Nov/22 ]

Thanks Julian for adding that clarification.

Comment by David Crossley [ 03/Nov/22 ]

The new images are built, tested, and pushed as:
"folioci/jenkins-slave-all:java-17" and "3.0.7".
"folioci/jenkins-slave-all:java-11" and "2.10.7".

 

Comment by Julian Ladisch [ 03/Nov/22 ]

Thanks, both new images actually have the patched version:

$ docker exec -it jenkins-slave dpkg-query --list openssl
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version          Architecture Description
+++-==============-================-============-====================================================
ii  openssl        3.0.2-0ubuntu1.7 amd64        Secure Sockets Layer toolkit - cryptographic utility 
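
An added example, not part of the ticket or of FOLIO's tooling: a Python check that parses `dpkg-query --list` output like the listing above and reports packages older than the patched version, using a reimplementation of Debian's version ordering so it can run on a CI host that has no dpkg. The `libssl3` line in the sample is constructed, and all function names are hypothetical.

```python
import re

FIXED = "3.0.2-0ubuntu1.7"  # patched Ubuntu version named in the ticket
# Constructed sample in `dpkg-query --list` format; the stale libssl3 line is hypothetical.
SAMPLE = """\
ii  openssl        3.0.2-0ubuntu1.7 amd64        Secure Sockets Layer toolkit
ii  libssl3:amd64  3.0.2-0ubuntu1.6 amd64        Secure Sockets Layer toolkit - shared libraries
"""

def _order(c):
    # dpkg ordering: '~' sorts before end of string; letters before other symbols
    if c in ("", "~"):
        return -1 if c else 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit and digit runs, the way dpkg does.
    while a or b:
        na, nb = re.match(r"[^0-9]*", a).group(), re.match(r"[^0-9]*", b).group()
        for i in range(max(len(na), len(nb))):
            d = _order(na[i:i + 1]) - _order(nb[i:i + 1])
            if d:
                return d
        a, b = a[len(na):], b[len(nb):]
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(v):
    # [epoch:]upstream[-revision]; a missing epoch is 0, a missing revision is empty
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_cmp(v1, v2):
    """Negative, zero or positive, following Debian version ordering."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(dpkg_list_output, packages=("openssl",), minimum=FIXED):
    """Return {package: version or None} for packages missing or below minimum."""
    installed = {}
    for f in map(str.split, dpkg_list_output.splitlines()):
        if len(f) >= 3 and f[0] == "ii":  # only fully installed packages count
            installed[f[1].split(":")[0]] = f[2]  # drop ":amd64" multiarch suffix
    return {p: installed.get(p) for p in packages
            if p not in installed or deb_cmp(installed[p], minimum) < 0}
```

An empty result from `unpatched()` means every listed package is at or above the fixed version; feeding it the output for both `openssl` and `libssl3` also covers the shared library built from the same source package.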