Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] Update alpine to 3.15 #1471

Merged
merged 2 commits into from
Dec 14, 2021
Merged

[Security] Update alpine to 3.15 #1471

merged 2 commits into from
Dec 14, 2021

Conversation

AlexanderBabel
Copy link
Contributor

@AlexanderBabel AlexanderBabel commented Dec 14, 2021
edited by JoelSpeed
Loading

Description

This PR updates alpine to 3.15.

Motivation and Context

Alpine 3.14 contains an older version of busybox. In this version, 11 vulnerabilities have been disclosed.

This PR fixes these vulnerabilities by updating alpine to 3.15.

Vulnerabilities (selection): CVE-2021-42375, CVE-2021-42374, CVE-2021-42378

How Has This Been Tested?

I built the image with docker build . and ran the docker image locally.

Checklist:

  • My change requires a change to the documentation or CHANGELOG.
  • I have updated the documentation/CHANGELOG accordingly.
  • I have created a feature (non-master) branch for my PR.

@AlexanderBabel AlexanderBabel requested a review from a team as a code owner December 14, 2021 01:20
@JoelSpeed JoelSpeed added the bug label Dec 14, 2021
JoelSpeed
JoelSpeed approved these changes Dec 14, 2021
View reviewed changes
Copy link
Member

@JoelSpeed JoelSpeed left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As this has security fixes in place, I'm going to treat it as a bug, LGTM, thanks @AlexanderBabel

@JoelSpeed JoelSpeed merged commit c278e0a into oauth2-proxy:master Dec 14, 2021
@eXeDK
Copy link

eXeDK commented Dec 16, 2021

Do you know when you will be releasing a new version with the upgraded alpine version @JoelSpeed ?

@JoelSpeed
Copy link
Member

New release is now published, v7.2.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoelSpeed JoelSpeed JoelSpeed approved these changes

Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@AlexanderBabel @eXeDK @JoelSpeed