[FOLIO-3618] Rebuild folioci/jenkins-slave-all for java-17 and java-11 Created: 26/Oct/22 Updated: 03/Nov/22 Resolved: 03/Nov/22 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P1 |
| Reporter: | David Crossley | Assignee: | David Crossley |
| Resolution: | Done | Votes: | 0 |
| Labels: | security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original estimate: | Not Specified | ||
| Sprint: | DevOps Sprint 151 |
| Development Team: | FOLIO DevOps |
| RCA Group: | Related dependency upgrade |
| Description |
|
These docker images are used by Jenkins for all back-end modules – specified via their Jenkinsfile which version java-17 or java-11 (see doc). The java-11 is used for platform and reference environments. Rebuild folio-tools/jenkins-slave-docker via Dockerfile.jammy-java-17 and Dockerfile.jammy-java-11 The latest docker images
use openssl 3.0.2-0ubuntu1.6 that has two severe security vulnerabilities:
An Ubuntu patch is available: https://launchpad.net/ubuntu/+source/openssl/3.0.2-0ubuntu1.7 When rebuilding jenkins-slave the patch will automatically be used. No other work than doing the rebuild is required. |
| Comments |
| Comment by David Crossley [ 03/Nov/22 ] |
|
Thanks Julian for adding that clarification. |
| Comment by David Crossley [ 03/Nov/22 ] |
|
The new images are built, tested, and pushed as:
|
| Comment by Julian Ladisch [ 03/Nov/22 ] |
|
Thanks, both new images actually have the patched version: $ docker exec -it jenkins-slave dpkg-query --list openssl Desired=Unknown/Install/Remove/Purge/Hold | Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad) ||/ Name Version Architecture Description +++-==============-================-============-==================================================== ii openssl 3.0.2-0ubuntu1.7 amd64 Secure Sockets Layer toolkit - cryptographic utility |