<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:29:02 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3561] folio-install TAMU: apk/apt upgrade fixing vulnerabilities</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3561</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;&lt;a href=&quot;https://github.com/folio-org/folio-install/tree/master/alternative-install/kubernetes-rancher/TAMU&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://github.com/folio-org/folio-install/tree/master/alternative-install/kubernetes-rancher/TAMU&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;has several Dockerfiles that have vulnerable packages.&lt;/p&gt;

&lt;p&gt;Adding apk upgrade or apt upgrade to these Dockerfiles bumps the installed packages to the latest patch versions available when the image is built, which fixes these vulnerabilities:&lt;/p&gt;
&lt;ul&gt;
	&lt;li&gt;zlib/zlib1g, zlib/zlib Out-of-bounds Write &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-37434&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-37434&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;busybox/ssl_client &#160;&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-28391&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-28391&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;libretls/libretls, openssl/libssl1.1 Loop with Unreachable Exit Condition (&apos;Infinite Loop&apos;) &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2022-0778&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2022-0778&lt;/a&gt;&lt;/li&gt;
	&lt;li&gt;openssl/libssl1.1 Inadequate Encryption Strength &lt;a href=&quot;https://www.cve.org/CVERecord?id=CVE-2022-2097&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://www.cve.org/CVERecord?id=CVE-2022-2097&lt;/a&gt;&#160;&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="82432">FOLIO-3561</key>
            <summary>folio-install TAMU: apk/apt upgrade fixing vulnerabilities</summary>
                <type id="10001" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium">Bug</type>
                                            <priority id="10002" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p3.svg">P3</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10003">Done</resolution>
                                                        <assignee accountid="6291011f9c617b006a6f8d98">jroot</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Wed, 24 Aug 2022 17:13:11 +0000</created>
                <updated>Wed, 8 Mar 2023 15:27:59 +0000</updated>
                            <resolved>Wed, 8 Mar 2023 15:27:59 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                <comments>
                                                            <comment id="198143" author="5af5e627525ba96b58654f12" created="Thu, 25 Aug 2022 07:32:03 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5ee89462f7aa140abd82d11d&quot; class=&quot;user-hover&quot; rel=&quot;5ee89462f7aa140abd82d11d&quot; data-account-id=&quot;5ee89462f7aa140abd82d11d&quot; accountid=&quot;5ee89462f7aa140abd82d11d&quot; rel=&quot;noreferrer&quot;&gt;Julian Ladisch&lt;/a&gt; Which dev team should this be assigned to? Could you update that, and also the RCA value? Thank you!&lt;/p&gt;</comment>
                                                            <comment id="198144" author="5cf6c546b87c300f36eb7b9a" created="Thu, 25 Aug 2022 15:38:28 +0000"  >&lt;p&gt;&lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5af5e627525ba96b58654f12&quot; class=&quot;user-hover&quot; rel=&quot;5af5e627525ba96b58654f12&quot; data-account-id=&quot;5af5e627525ba96b58654f12&quot; accountid=&quot;5af5e627525ba96b58654f12&quot; rel=&quot;noreferrer&quot;&gt;Ann-Marie Breaux&lt;/a&gt; the TAMU devs are handling many of these, and there isn&apos;t a team in JIRA for them.  As far as RCA value it isn&apos;t clear which value is most appropriate.  We&apos;re taking an educated guess in many cases.&lt;/p&gt;</comment>
                                                            <comment id="198145" author="5af5e627525ba96b58654f12" created="Thu, 25 Aug 2022 15:56:33 +0000"  >&lt;p&gt;Thanks, &lt;a href=&quot;https://folio-org.atlassian.net/secure/ViewProfile.jspa?accountId=5cf6c546b87c300f36eb7b9a&quot; class=&quot;user-hover&quot; rel=&quot;5cf6c546b87c300f36eb7b9a&quot; data-account-id=&quot;5cf6c546b87c300f36eb7b9a&quot; accountid=&quot;5cf6c546b87c300f36eb7b9a&quot; rel=&quot;noreferrer&quot;&gt;Craig McNally&lt;/a&gt; I&apos;m going to assign Dev Team = Other, so they will drop out of the &quot;bugs with no dev team&quot; filter. Thank you!&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="82433">FOLIO-3562</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10170"><![CDATA[Other dev]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10385"><![CDATA[Related dependency upgrade]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i059r4:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 25 Aug 2022 07:32:03 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>