Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

br: security update br image:1.18.1-alpine to 1.18.9-alpine #40863

Merged
merged 2 commits into from Feb 14, 2023
Merged

br: security update br image:1.18.1-alpine to 1.18.9-alpine #40863

merged 2 commits into from Feb 14, 2023

Conversation

xiabee
Copy link
Member

@xiabee xiabee commented Jan 30, 2023
edited

What problem does this PR solve?

Issue Number: Close #39052

Problem Summary:

There are serveral critical vulnerabilities detected in this repository, which located in br/docker/Dockerfile. Now we recommand upgrading the base image of this dockerfile to avoid vulnerabilities.

What is changed and how it works?

Changed the base image of br:

  • br/docker/Dockerfile
  • We recommend upgrading to golang:1.18.9-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

Just upgrade the base image of BR tool, to fix known vulnerabilities. 
If possible, you can upgrade the base image under the br directory of all branches to this version.

/cc @xhebox ,PTAL

@ti-chi-bot
Copy link
Member

ti-chi-bot commented Jan 30, 2023
edited

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • 3pointer
  • xhebox

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added do-not-merge/needs-linked-issue release-note size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed do-not-merge/needs-linked-issue labels Jan 30, 2023
@jebter jebter requested a review from 3pointer January 30, 2023 09:23
@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Jan 31, 2023
@wuhuizuo
Copy link
Contributor

wuhuizuo commented Feb 1, 2023

/retest

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Feb 14, 2023
@xhebox
Copy link
Contributor

xhebox commented Feb 14, 2023

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: d0b4fe1

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Feb 14, 2023
@ti-chi-bot ti-chi-bot merged commit 5999b2c into pingcap:master Feb 14, 2023
@ti-chi-bot ti-chi-bot mentioned this pull request Feb 14, 2023
Merged
12 tasks
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-6.5: #41386.

@ti-chi-bot ti-chi-bot mentioned this pull request Feb 14, 2023
Closed
12 tasks
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-6.6: #41388.

@ti-chi-bot ti-chi-bot mentioned this pull request Feb 14, 2023
Merged
12 tasks
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-6.1: #41390.

ti-chi-bot pushed a commit to ti-chi-bot/tidb that referenced this pull request Feb 14, 2023
@xiabee @ti-chi-bot
This is an automated cherry-pick of pingcap#40863
7b33b18 
Signed-off-by: ti-chi-bot <ti-community-prow-bot@tidb.io>
blacktear23 pushed a commit to blacktear23/tidb that referenced this pull request Feb 15, 2023
@xiabee @blacktear23
br: security update br image:1.18.1-alpine to 1.18.9-alpine (pingcap#…
61525b4 
…40863)

ref pingcap#39052
ghazalfamilyusa pushed a commit to ghazalfamilyusa/tidb that referenced this pull request Feb 15, 2023
@xiabee @ghazalfamilyusa
br: security update br image:1.18.1-alpine to 1.18.9-alpine (pingcap#…
eda4480 
…40863)

ref pingcap#39052
ti-chi-bot added a commit that referenced this pull request Feb 16, 2023
@ti-chi-bot
br: security update br image:1.18.1-alpine to 1.18.9-alpine (#40863) (#…
41c687f 
…41386)

ref #39052
ti-chi-bot added a commit that referenced this pull request Mar 30, 2023
@ti-chi-bot
br: security update br image:1.18.1-alpine to 1.18.9-alpine (#40863) (#…
a991ae5 
…41390)

ref #39052
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xhebox xhebox xhebox approved these changes

@3pointer 3pointer 3pointer approved these changes

Assignees
No one assigned
Labels
needs-cherry-pick-release-6.1 needs-cherry-pick-release-6.5 release-note size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Security upgrade golang from 1.18.1-alpine to 1.18.9-alpine
5 participants
@xiabee @ti-chi-bot @wuhuizuo @xhebox @3pointer