-
Notifications
You must be signed in to change notification settings - Fork 38
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
#1408 - Remove Vim #1412
#1408 - Remove Vim #1412
Conversation
To address vulnerability CVE-2021-3973, remove Vim, which was probably installed for debugging purposes.
My changes also include cleaning up the formatting, removing trailing and duplicated whitespace. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is the test plan here?
I can start docker compose and navigate the MyLA tool without any error shown in the log file. Should I test anything else?
I'll add a test plan above, but yes, that's the important test. |
@zqian, I've added a test plan with optional steps for verifying that Vim is not installed. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the test plan, @lsloan
I've followed the test steps, and verified vim is not included now.
As specified in tl-its-umich-edu#1408, to address vulnerability CVE-2021-3973, remove Vim, which was probably installed for debugging purposes.
As specified in #1408, to address vulnerability CVE-2021-3973, remove Vim, which was probably installed for debugging purposes.
Closes #1408.
Test plan
docker compose up --build
docker compose exec -it web /bin/sh
and verify that Vim is not installed. E.g.…vi
,vim-tiny
, etc.apt list
to view a list of installed packages and verify that Vim is not included among them