Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

#1408 - Remove Vim #1412

Merged
merged 1 commit into from
Aug 30, 2022
Merged

#1408 - Remove Vim #1412

merged 1 commit into from
Aug 30, 2022

Conversation

lsloan
Copy link
Member

@lsloan lsloan commented Aug 29, 2022
edited

As specified in #1408, to address vulnerability CVE-2021-3973, remove Vim, which was probably installed for debugging purposes.

Closes #1408.

Test plan

  • Start MyLA with docker compose up --build
  • Access application and perform basic functions
  • Check logs for error messages
  • Optional: Start a shell with docker compose exec -it web /bin/sh and verify that Vim is not installed. E.g.…
    • Try running vi, vim-tiny, etc.
    • Use apt list to view a list of installed packages and verify that Vim is not included among them

1408

@lsloan
tl-its-umich-edu#1408 - Remove Vim
0cf2e1b 
To address vulnerability CVE-2021-3973, remove Vim, which was probably installed for debugging purposes.
@lsloan
Copy link
Member Author

lsloan commented Aug 29, 2022

My changes also include cleaning up the formatting, removing trailing and duplicated whitespace.

@lsloan lsloan requested review from jonespm and zqian August 29, 2022 18:56
@zqian zqian linked an issue Aug 30, 2022 that may be closed by this pull request
Vulnerability: CVE-2021-3973, Vim #1408
Closed
zqian
zqian reviewed Aug 30, 2022
View reviewed changes
Copy link
Member

@zqian zqian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the test plan here?

I can start docker compose and navigate the MyLA tool without any error shown in the log file. Should I test anything else?

@lsloan
Copy link
Member Author

lsloan commented Aug 30, 2022

I'll add a test plan above, but yes, that's the important test.

@lsloan
Copy link
Member Author

lsloan commented Aug 30, 2022

@zqian, I've added a test plan with optional steps for verifying that Vim is not installed.

zqian
zqian approved these changes Aug 30, 2022
View reviewed changes
Copy link
Member

@zqian zqian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the test plan, @lsloan

I've followed the test steps, and verified vim is not included now.

@lsloan lsloan merged commit bb37896 into tl-its-umich-edu:master Aug 30, 2022
@lsloan lsloan deleted the 1408-remove-vim branch August 30, 2022 15:50
@lsloan
Copy link
Member Author

lsloan commented Aug 30, 2022

:shipit:

@lsloan lsloan self-assigned this Aug 30, 2022
jonespm pushed a commit to jonespm/student-dashboard-django that referenced this pull request Sep 20, 2022
@lsloan @jonespm
tl-its-umich-edu#1408 - Remove Vim (tl-its-umich-edu#1412)
470506a 
As specified in tl-its-umich-edu#1408, to address vulnerability CVE-2021-3973, remove Vim, which was probably installed for debugging purposes.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zqian zqian zqian approved these changes

@jonespm jonespm Awaiting requested review from jonespm

Assignees

@lsloan lsloan

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Vulnerability: CVE-2021-3973, Vim
2 participants
@lsloan @zqian