<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:28:46 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3523] Fix Out-of-bounds Read in folio-ansible stripes Dockerfile</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3523</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;nginx:stable-alpine in &lt;a href=&quot;https://github.com/folio-org/folio-ansible/blob/master/roles/stripes-docker/templates/Dockerfile.j2&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-ansible/blob/master/roles/stripes-docker/templates/Dockerfile.j2&lt;/a&gt; contains&lt;/p&gt;

&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
pcre2/pcre2@10.39-r0
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;that has Out-of-bounds Read vulnerabilities:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-1586&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-1586&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-1587&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-1587&lt;/a&gt;&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;A fix is available:&lt;/p&gt;
&lt;div class=&quot;code panel&quot; style=&quot;border-width: 1px;&quot;&gt;&lt;div class=&quot;codeContent panelContent&quot;&gt;
&lt;pre class=&quot;code-java&quot;&gt;
pcre2/pcre2@10.40-r0
&lt;/pre&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;p&gt;However, nginx:stable-alpine doesn&apos;t immediately get security fixes: &lt;a href=&quot;https://github.com/nginxinc/docker-nginx/issues/671&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/nginxinc/docker-nginx/issues/671&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Therefore &lt;tt&gt;RUN apk --no-cache upgrade&lt;/tt&gt; is needed.&lt;/p&gt;</description>
                <environment></environment>
        <key id="82391">FOLIO-3523</key>
            <summary>Fix Out-of-bounds Read in folio-ansible stripes Dockerfile</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="5f9abc1eb45b2e007453f423">John Malconian</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>reviewed</label>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Tue, 21 Jun 2022 14:24:35 +0000</created>
                <updated>Mon, 25 Jul 2022 14:58:11 +0000</updated>
                            <resolved>Mon, 25 Jul 2022 14:58:11 +0000</resolved>
                                                                    <component>Continuous Integration</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                <comments>
                                                            <comment id="198084" author="5f9abc1eb45b2e007453f423" created="Mon, 25 Jul 2022 14:58:11 +0000"  >&lt;p&gt;PR tested and merged.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10367"><![CDATA[TBD]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i04yx0:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1971">DevOps Sprint 144</customfieldvalue>
    <customfieldvalue id="1605">DevOps Sprint 142</customfieldvalue>
    <customfieldvalue id="2007">DevOps Sprint 145</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 25 Jul 2022 14:58:11 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>