yosifkit

Events

issue comment
ruby 2.3.1 suddenly stopped working with apt-get update

Like Ruby 2.3, Debian Jessie is also long past end of life (and LTS). Some possible workarounds in https://github.com/docker-library/ruby/issues/394, but I think it was finally pulled from Debian mirrors and so those may not work at all.

Created at 11 hours ago

Run update-remote.sh on jruby

Run update-remote.sh on lightstreamer

Run update-remote.sh on maven

Run update-remote.sh on neo4j

Run update-remote.sh on neurodebian

Run update-remote.sh on orientdb

Run update-remote.sh on solr

Run update-remote.sh on tomcat

Run update-remote.sh on tomee

Run scan-local.sh on drupal:...

Run scan-local.sh on gazebo:...

Run scan-local.sh on percona:...

Run update-remote.sh on cassandra

Run update-remote.sh on clojure

Run update-remote.sh on flink

Run update-remote.sh on geonetwork

Run update-remote.sh on haxe

Run update-remote.sh on julia

Run update-remote.sh on open-liberty

Run update-remote.sh on pypy

Created at 13 hours ago

Switch to json5 for config file

Now that https://github.com/titanous/json5 has the only bug I noticed while testing it years ago fixed, I don't see a good reason not to use it and get comments in configuration files finally a supported feature. 😅

Merge pull request #33 from self-five/json5

Switch to json5 for config file

Update to Go 1.19, Alpine 3.17, miekg/dns v1.1.50

Merge pull request #34 from self-five/update

Update to Go 1.19, Alpine 3.17, miekg/dns v1.1.50

Update build flags so "govulncheck" can do-the-right-thing

Created at 13 hours ago

Update 1 to 1.22.2

Update 1-rc to 1.22.3-rc.1

Update 1-rc to 1.22.3-rc.2

Update 1 to 1.23.0

Update 1-rc to 1.23.1-rc.1

Update 1 to 1.23.1

Update 1-rc to 1.23.2-rc.1

Update 1-rc to 1.23.2-rc.2

Update 1 to 1.23.2

Update 1-rc to 1.23.3-rc.1

Update 1-rc to 1.23.3-rc.2

Created at 13 hours ago

Bump golang.org/x/net from 0.0.0-20220822230855-b0a4917ee28c to 0.7.0 (#644)

Bumps golang.org/x/net from 0.0.0-20220822230855-b0a4917ee28c to 0.7.0.


updated-dependencies:

  • dependency-name: golang.org/x/net dependency-type: direct:production ...

Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Enable dependabot (#637)

Auto-update Go modules monthly with dependabot.

Signed-off-by: SuperQ superq@gmail.com

Bump go.etcd.io/bbolt from 1.3.6 to 1.3.7 (#648)

Bumps go.etcd.io/bbolt from 1.3.6 to 1.3.7.


updated-dependencies:

  • dependency-name: go.etcd.io/bbolt dependency-type: direct:production update-type: version-update:semver-patch ...

Signed-off-by: dependabot[bot] support@github.com
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Test Coverage (#657)

  • util/timeconv testing and bugfixes

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Router tests + updated copyright notice from Gorilla

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Updated testing for some backends

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • parsing error test

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • test proxy request resources merge; fix null reference

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • codespell

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • This usually happens a few times... Fixed one more typo.

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Fixed prometheus test; had incorrect error message after change to timeconv

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com


Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

Vendor updates (#658)

  • Updated testing for some backends

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • codespell

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • bump to go 1.20

  • update redis pkg ver

  • bump brotli version

  • bump badgerdb version

  • bump go-kit log pkg

  • bump influxql version

  • bump compress version

  • bump prometheus client version

  • bump msgp version

  • bump lumberjack version

  • update protobuf_extensions

  • update openzipkin/zipkin-go

  • bump prometheus client_model + common


Signed-off-by: jakenichols2719 jnichols2719@protonmail.com
Co-authored-by: jakenichols2719 jnichols2719@protonmail.com

Chunking 2 (#642)

  • OPC/DPC benchmarks

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Added byterange crop with offset

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Added ranges filter

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Added chunking functionality to document

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Byterange handling, save one issue with content-range headers. Runtime is roughly equal to regular implementation.

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Timeseries handling. Needs performance increase.

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Performance increase 1, shared memory for timeseries merge

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Configuration + split tests/benchmarks for cache chunking

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Documentation and fix to Range.CropBytes

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Fix to OPC partial responses

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Stopped marshalling memory caches in DPC chunking to more accurately represent performance

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • Added license headers

Signed-off-by: jakenichols2719 jnichols2719@protonmail.com

  • avoid channels when possible

  • Added some comments and examples to the relevant files


Signed-off-by: jakenichols2719 jnichols2719@protonmail.com
Co-authored-by: James Ranson james@ranson.org

Created at 13 hours ago

api/types/filters: Add GetBoolOrDefault

Signed-off-by: Paweł Gronowski pawel.gronowski@docker.com

Use GetBoolOrDefault to remove duplicated invalidFilter usages

The pattern of parsing bool was repeated across multiple files and caused the duplication of the invalidFilter error helper.

Signed-off-by: Paweł Gronowski pawel.gronowski@docker.com

Fix loop-closure bugs in tests

...which were flagged by golangci-lint v1.51.

Signed-off-by: Cory Snider csnider@mirantis.com

distribution/xfer: fix download fencepost bug

maxDownloadAttempts maps to the daemon configuration flag

--max-download-attempts int
  Set the max download attempts for each pull (default 5)

and the daemon configuration machinery interprets a value of 0 as "apply the default value" and not a valid user value (config validation/normalization bugs notwithstanding). The intention is clearly that this configuration value should be an upper limit on the number of times the daemon should try to download a particular layer before giving up. So it is surprising to have the configuration value interpreted as a retry limit. The daemon will make up to N+1 attempts to download a layer! This also means users cannot disable retries even if they wanted to.

Fix the fencepost bug so that max attempts really means max attempts, not max retries. And fix the fencepost bug with the retry-backoff delay so that the first backoff is 5s, not 10s.

Signed-off-by: Cory Snider csnider@mirantis.com

vendor: github.com/containerd/containerd v1.6.18

Signed-off-by: Bjorn Neergaard bneergaard@mirantis.com

Revert "apparmor: Check if apparmor_parser is available"

This reverts commit ab3fa46502381293b7dc5526c296e7e598d1983b.

This fix was partial, and is not needed with the proper fix in containerd.

Signed-off-by: Bjorn Neergaard bneergaard@mirantis.com

libnet/ipam: fix racy, flaky unit test

TestRequestReleaseAddressDuplicate gets flagged by go test -race because the same err variable inside the test is assigned to from multiple goroutines without synchronization, which obscures whether or not there are any data races in the code under test.

Trouble is, the test depends on the data race to exit the loop if an error occurs inside a spawned goroutine. And the test contains a logical concurrency bug (not flagged by the Go race detector) which can result in false-positive test failures. Because a release operation is logged after the IP is released, the other goroutine could reacquire the address and log that it was reacquired before the release is logged.

Fix up the test so it is no longer subject to data races or false-positive test failures, i.e. flakes.

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: add regression test for issue 44575

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: extract fn for external DNS forwarding

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: reply SERVFAIL on resolve error

...instead of silently dropping the DNS query.

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: refactor ServeDNS for readability

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: get rid of truncation red herring

The TC flag in a DNS message indicates that the sender had to truncate it to fit within the length limit of the transmission channel. It does NOT indicate that part of the message was lost before reaching the recipient. Older versions of github.com/miekg/dns conflated the two cases by returning ErrTruncated from ReadMsg() if the message was parsed without error but had the TC flag set. The version of miekg/dns currently vendored no longer returns an error when a well-formed DNS message is received which has its TC flag set, but there was some confusion on how to update libnetwork to deal with this behaviour change. Truncated DNS replies are no longer different from any other reply message: they are normal replies which do not need any special-case handling to proxy back to the client.

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: truncate DNS msgs using library method

(*dns.Msg).Truncate() is more intelligent and standards-compliant about truncating DNS response messages than our hand-rolled version. Fix a silly fencepost error in the max TCP message size: the limit is dns.MaxMsgSize (65535), full stop.

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: extract dialExtDNS to method

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: extract DNS client exchange to method

forwardExtDNS() will now continue with the next external DNS server if co.ReadMsg() returns (nil, nil). Previously it would abort resolving the query and not reply to the container client. The implementation of ReadMsg() in the currently-vendored version of miekg/dns cannot return (nil, nil) so the difference is immaterial in practice.

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: reply SERVFAIL if DNS forwarding fails

Fixes moby/moby issue 44575

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: use dns.Client for forwarded requests

It handles figuring out the UDP receive buffer size and setting IO timeouts, which simplifies our code. It is also more robust to receiving UDP replies to earlier queries which timed out.

Log failures to perform a client exchange at level error so they are more visible to operators and administrators.

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: replace ad-hoc semaphore implementation

...for limiting concurrent external DNS requests with "golang.org/x/sync/semaphore".Weighted. Replace the ad-hoc rate limiter for when the concurrency limit is hit (which contains a data-race bug) with "golang.org/x/time/rate".Sometimes.

Immediately retrying with the next server if the concurrency limit has been hit just further compounds the problem. Wait on the semaphore and refuse the query if it could not be acquired in a reasonable amount of time.

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: fail loudly on resolver iptables setup

Signed-off-by: Cory Snider csnider@mirantis.com

libnetwork: forward unknown PTR queries externally

PTR queries with domain names unknown to us are not necessarily invalid. Act like a well-behaved middlebox and fall back to forwarding externally, same as we do with the other query types.

Signed-off-by: Cory Snider csnider@mirantis.com

Created at 13 hours ago
yosifkit delete branch wordpress
Created at 14 hours ago

Update wordpress

Changes:

  • https://github.com/docker-library/wordpress/commit/0a9079d: Update beta to 6.2-RC5

Merge pull request #14367 from docker-library-bot/wordpress

Update wordpress

Created at 14 hours ago
pull request closed
Update wordpress

Changes:

  • https://github.com/docker-library/wordpress/commit/0a9079d: Update beta to 6.2-RC5
Created at 14 hours ago
yosifkit delete branch haproxy
Created at 14 hours ago

Update haproxy

Changes:

  • https://github.com/docker-library/haproxy/commit/b8c3d54: Update 2.8 to 2.8-dev6
  • https://github.com/docker-library/haproxy/commit/791843a: Update 2.6 to 2.6.12
  • https://github.com/docker-library/haproxy/commit/3e8ddb6: Update 2.7 to 2.7.6

Merge pull request #14366 from docker-library-bot/haproxy

Update haproxy

Created at 14 hours ago
pull request closed
Update haproxy

Changes:

  • https://github.com/docker-library/haproxy/commit/b8c3d54: Update 2.8 to 2.8-dev6
  • https://github.com/docker-library/haproxy/commit/791843a: Update 2.6 to 2.6.12
  • https://github.com/docker-library/haproxy/commit/3e8ddb6: Update 2.7 to 2.7.6
Created at 14 hours ago
yosifkit delete branch docker
Created at 14 hours ago

Update docker

Changes:

  • https://github.com/docker-library/docker/commit/47f0e5d: Update 23.0 to 23.0.2
  • https://github.com/docker-library/docker/commit/9e9c762: Merge pull request https://github.com/docker-library/docker/pull/416 from infosiftr/buildkit

Merge pull request #14365 from docker-library-bot/docker

Update docker

Created at 14 hours ago
pull request closed
Update docker

Changes:

  • https://github.com/docker-library/docker/commit/47f0e5d: Update 23.0 to 23.0.2
  • https://github.com/docker-library/docker/commit/9e9c762: Merge pull request https://github.com/docker-library/docker/pull/416 from infosiftr/buildkit
Created at 14 hours ago
yosifkit delete branch ghost
Created at 14 hours ago
pull request closed
Update ghost

Changes:

  • https://github.com/docker-library/ghost/commit/5780829: Update to 5.40.2, ghost-cli 1.24.0
Created at 14 hours ago

Update ghost

Changes:

  • https://github.com/docker-library/ghost/commit/5780829: Update to 5.40.2, ghost-cli 1.24.0

Merge pull request #14364 from docker-library-bot/ghost

Update ghost

Created at 14 hours ago
yosifkit delete branch bash
Created at 14 hours ago

Update bash

Changes:

  • https://github.com/tianon/docker-bash/commit/f30bf5c: Update devel to 20230327, commit 57d4dc15ff35895a1c1248f948f59739ffb99fde
  • https://github.com/tianon/docker-bash/commit/a09af45: Update 4.1 to 4.1.17, patch 17
  • https://github.com/tianon/docker-bash/commit/43525b1: Update 4.1 to 4.1.0
  • https://github.com/tianon/docker-bash/commit/f1c77bd: Update 3.2 to patch 57
  • https://github.com/tianon/docker-bash/commit/c761e04: Update 3.2

Merge pull request #14363 from docker-library-bot/bash

Update bash

Created at 14 hours ago
pull request closed
Update bash

Changes:

  • https://github.com/tianon/docker-bash/commit/f30bf5c: Update devel to 20230327, commit 57d4dc15ff35895a1c1248f948f59739ffb99fde
  • https://github.com/tianon/docker-bash/commit/a09af45: Update 4.1 to 4.1.17, patch 17
  • https://github.com/tianon/docker-bash/commit/43525b1: Update 4.1 to 4.1.0
  • https://github.com/tianon/docker-bash/commit/f1c77bd: Update 3.2 to patch 57
  • https://github.com/tianon/docker-bash/commit/c761e04: Update 3.2
Created at 14 hours ago

Odoo: update 14.0-16.0 to release 20230329

Merge pull request #14361 from odoo/master

Odoo: update 14.0-16.0 to release 20230329

Created at 14 hours ago
pull request closed
Odoo: update 14.0-16.0 to release 20230329

Hello,

here are the latest Odoo updates for supported versions.

Thx

Created at 14 hours ago

alpine: edge snapshot 20230329

alpine: bump 3.17.3 (CVE-2023-0464, CVE-2023-0465, CVE-2023-0466)

alpine: bump 3.16.5 (CVE-2023-0464, CVE-2023-0465)

alpine: bump 3.15.8 (CVE-2023-0464, CVE-2023-0465)

alpine: bump 3.14.10 (CVE-2023-0464, CVE-2023-0465)

Merge pull request #14362 from ncopa/alpine-CVE-2023-0464

Alpine CVE-2023-0464 / CVE-2023-0465

Created at 14 hours ago
pull request closed
Alpine CVE-2023-0464 / CVE-2023-0465
Created at 14 hours ago
Alpine CVE-2023-0464 / CVE-2023-0465

Since GitHub Actions isn't working, here is the diff:

diff --git a/_bashbrew-cat b/_bashbrew-cat
index ef927b3..1f53d14 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -1,10 +1,10 @@
 Maintainers: Natanael Copa <ncopa@alpinelinux.org> (@ncopa)
 GitRepo: https://github.com/alpinelinux/docker-alpine.git
 
-Tags: 3.14.9, 3.14
+Tags: 3.14.10, 3.14
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
 GitFetch: refs/heads/v3.14
-GitCommit: b040c4549c910e61cc9e783ef7741fed7a7b9e96
+GitCommit: cb8d8712f672bfa9a8b9a1f64b2c12f369f1cc68
 amd64-Directory: x86_64
 arm32v6-Directory: armhf
 arm32v7-Directory: armv7
@@ -13,10 +13,10 @@ i386-Directory: x86
 ppc64le-Directory: ppc64le
 s390x-Directory: s390x
 
-Tags: 3.15.7, 3.15
+Tags: 3.15.8, 3.15
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
 GitFetch: refs/heads/v3.15
-GitCommit: 2060d1dc5d0532fbc48f8735e77f5e787ebbff60
+GitCommit: d5bee21392df6b1e0b491cee3f3436121238a178
 amd64-Directory: x86_64
 arm32v6-Directory: armhf
 arm32v7-Directory: armv7
@@ -25,10 +25,10 @@ i386-Directory: x86
 ppc64le-Directory: ppc64le
 s390x-Directory: s390x
 
-Tags: 3.16.4, 3.16
+Tags: 3.16.5, 3.16
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
 GitFetch: refs/heads/v3.16
-GitCommit: 106cf8fa24b495c3c7cac2ef3564fb78aef24751
+GitCommit: 8abeb7449b58d28e108a027990013f56845bdea4
 amd64-Directory: x86_64
 arm32v6-Directory: armhf
 arm32v7-Directory: armv7
@@ -37,10 +37,10 @@ i386-Directory: x86
 ppc64le-Directory: ppc64le
 s390x-Directory: s390x
 
-Tags: 3.17.2, 3.17, 3, latest
+Tags: 3.17.3, 3.17, 3, latest
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, s390x
 GitFetch: refs/heads/v3.17
-GitCommit: d8ed1701dac37e1b6db026bec0a26be683288074
+GitCommit: 681b8c677aaed66e48a5ce721509647bd4dcd017
 amd64-Directory: x86_64
 arm32v6-Directory: armhf
 arm32v7-Directory: armv7
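Review bot: the PR title names only CVE-2023-0464 / CVE-2023-0465, but the commit subject for the 3.17.3 bump in this hunk also lists CVE-2023-0466. Because `Tags: 3.17.3, 3.17, 3, latest` moves the `3` and `latest` aliases as well, this is the hunk most consumers will pick up; suggest listing all three CVEs in the title or description so scanner findings can be matched to this bump.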
@@ -49,10 +49,10 @@ i386-Directory: x86
 ppc64le-Directory: ppc64le
 s390x-Directory: s390x
 
-Tags: 20230208, edge
+Tags: 20230329, edge
 Architectures: amd64, arm32v6, arm32v7, arm64v8, i386, ppc64le, riscv64, s390x
 GitFetch: refs/heads/edge
-GitCommit: a4149305cd4d815083f3dcf4c948e0ac4f1e99dd
+GitCommit: c025403b1536857f35630b3c7fe5aabf8b6d256a
 amd64-Directory: x86_64
 arm32v6-Directory: armhf
 arm32v7-Directory: armv7
diff --git a/_bashbrew-list b/_bashbrew-list
index e2d8b0b..d8501da 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -1,12 +1,12 @@
 alpine:3
 alpine:3.14
-alpine:3.14.9
+alpine:3.14.10
 alpine:3.15
-alpine:3.15.7
+alpine:3.15.8
 alpine:3.16
-alpine:3.16.4
+alpine:3.16.5
 alpine:3.17
-alpine:3.17.2
-alpine:20230208
+alpine:3.17.3
+alpine:20230329
 alpine:edge
 alpine:latest
diff --git a/alpine_3.14/Dockerfile b/alpine_3.14/Dockerfile
index 5a0d578..eb69b75 100644
--- a/alpine_3.14/Dockerfile
+++ b/alpine_3.14/Dockerfile
@@ -1,3 +1,3 @@
 FROM scratch
-ADD alpine-minirootfs-3.14.9-x86_64.tar.gz /
+ADD alpine-minirootfs-3.14.10-x86_64.tar.gz /
 CMD ["/bin/sh"]
diff --git a/alpine_3.14/alpine-minirootfs-3.14.9-x86_64.tar.gz b/alpine_3.14/alpine-minirootfs-3.14.10-x86_64.tar.gz
similarity index 33%
rename from alpine_3.14/alpine-minirootfs-3.14.9-x86_64.tar.gz
rename to alpine_3.14/alpine-minirootfs-3.14.10-x86_64.tar.gz
index 20a0f2e..43f9f88 100644
Binary files a/alpine_3.14/alpine-minirootfs-3.14.9-x86_64.tar.gz and b/alpine_3.14/alpine-minirootfs-3.14.10-x86_64.tar.gz differ
diff --git a/alpine_3.14/alpine-minirootfs-3.14.9-x86_64.tar.gz  'tar -t' b/alpine_3.14/alpine-minirootfs-3.14.10-x86_64.tar.gz  'tar -t'
similarity index 100%
rename from alpine_3.14/alpine-minirootfs-3.14.9-x86_64.tar.gz  'tar -t'
rename to alpine_3.14/alpine-minirootfs-3.14.10-x86_64.tar.gz  'tar -t'
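Review bot: the tarball swap in this region cannot be reviewed from the diff. `Binary files ... differ` with `similarity index 33%` shows only that the archive changed, and the 100% similarity on the 'tar -t' listing covers path names, not file contents. Suggest adding a checksum for alpine-minirootfs-3.14.10-x86_64.tar.gz to the description so the rootfs added by the Dockerfile can be compared with the upstream release artifact; the same applies to the 3.15, 3.16, edge and latest tarballs below, and only the x86_64 archive is shown although `Architectures:` lists seven.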
diff --git a/alpine_3.15/Dockerfile b/alpine_3.15/Dockerfile
index e30e629..fd3b287 100644
--- a/alpine_3.15/Dockerfile
+++ b/alpine_3.15/Dockerfile
@@ -1,3 +1,3 @@
 FROM scratch
-ADD alpine-minirootfs-3.15.7-x86_64.tar.gz /
+ADD alpine-minirootfs-3.15.8-x86_64.tar.gz /
 CMD ["/bin/sh"]
diff --git a/alpine_3.15/alpine-minirootfs-3.15.7-x86_64.tar.gz b/alpine_3.15/alpine-minirootfs-3.15.8-x86_64.tar.gz
similarity index 32%
rename from alpine_3.15/alpine-minirootfs-3.15.7-x86_64.tar.gz
rename to alpine_3.15/alpine-minirootfs-3.15.8-x86_64.tar.gz
index b091dd7..d7289ee 100644
Binary files a/alpine_3.15/alpine-minirootfs-3.15.7-x86_64.tar.gz and b/alpine_3.15/alpine-minirootfs-3.15.8-x86_64.tar.gz differ
diff --git a/alpine_3.15/alpine-minirootfs-3.15.7-x86_64.tar.gz  'tar -t' b/alpine_3.15/alpine-minirootfs-3.15.8-x86_64.tar.gz  'tar -t'
similarity index 100%
rename from alpine_3.15/alpine-minirootfs-3.15.7-x86_64.tar.gz  'tar -t'
rename to alpine_3.15/alpine-minirootfs-3.15.8-x86_64.tar.gz  'tar -t'
diff --git a/alpine_3.16/Dockerfile b/alpine_3.16/Dockerfile
index 3a79634..2d3360d 100644
--- a/alpine_3.16/Dockerfile
+++ b/alpine_3.16/Dockerfile
@@ -1,3 +1,3 @@
 FROM scratch
-ADD alpine-minirootfs-3.16.4-x86_64.tar.gz /
+ADD alpine-minirootfs-3.16.5-x86_64.tar.gz /
 CMD ["/bin/sh"]
diff --git a/alpine_3.16/alpine-minirootfs-3.16.4-x86_64.tar.gz b/alpine_3.16/alpine-minirootfs-3.16.5-x86_64.tar.gz
similarity index 31%
rename from alpine_3.16/alpine-minirootfs-3.16.4-x86_64.tar.gz
rename to alpine_3.16/alpine-minirootfs-3.16.5-x86_64.tar.gz
index 33f390e..8007e4c 100644
Binary files a/alpine_3.16/alpine-minirootfs-3.16.4-x86_64.tar.gz and b/alpine_3.16/alpine-minirootfs-3.16.5-x86_64.tar.gz differ
diff --git a/alpine_3.16/alpine-minirootfs-3.16.4-x86_64.tar.gz  'tar -t' b/alpine_3.16/alpine-minirootfs-3.16.5-x86_64.tar.gz  'tar -t'
similarity index 100%
rename from alpine_3.16/alpine-minirootfs-3.16.4-x86_64.tar.gz  'tar -t'
rename to alpine_3.16/alpine-minirootfs-3.16.5-x86_64.tar.gz  'tar -t'
diff --git a/alpine_edge/Dockerfile b/alpine_edge/Dockerfile
index 9eb6d09..fb03c71 100644
--- a/alpine_edge/Dockerfile
+++ b/alpine_edge/Dockerfile
@@ -1,3 +1,3 @@
 FROM scratch
-ADD alpine-minirootfs-20230208-x86_64.tar.gz /
+ADD alpine-minirootfs-20230329-x86_64.tar.gz /
 CMD ["/bin/sh"]
diff --git a/alpine_edge/alpine-minirootfs-20230208-x86_64.tar.gz b/alpine_edge/alpine-minirootfs-20230329-x86_64.tar.gz
similarity index 33%
rename from alpine_edge/alpine-minirootfs-20230208-x86_64.tar.gz
rename to alpine_edge/alpine-minirootfs-20230329-x86_64.tar.gz
index 65a4889..9d35f62 100644
Binary files a/alpine_edge/alpine-minirootfs-20230208-x86_64.tar.gz and b/alpine_edge/alpine-minirootfs-20230329-x86_64.tar.gz differ
diff --git a/alpine_edge/alpine-minirootfs-20230208-x86_64.tar.gz  'tar -t' b/alpine_edge/alpine-minirootfs-20230329-x86_64.tar.gz  'tar -t'
similarity index 99%
rename from alpine_edge/alpine-minirootfs-20230208-x86_64.tar.gz  'tar -t'
rename to alpine_edge/alpine-minirootfs-20230329-x86_64.tar.gz  'tar -t'
index 7fcbce7..faaf82e 100644
--- a/alpine_edge/alpine-minirootfs-20230208-x86_64.tar.gz  'tar -t'	
+++ b/alpine_edge/alpine-minirootfs-20230329-x86_64.tar.gz  'tar -t'	
@@ -95,6 +95,7 @@ etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub
 etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub
 etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub
 etc/apk/protected_paths.d/
+etc/apk/protected_paths.d/alpine-release.list
 etc/apk/repositories
 etc/apk/world
 etc/conf.d/
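Review bot: the added path `etc/apk/protected_paths.d/alpine-release.list` is the only file-list change in this patch (the other 'tar -t' listings are renamed at 100% similarity) and the description does not mention it. Suggest noting which package introduces it, since entries under etc/apk/protected_paths.d/ change which paths apk treats as protected during upgrades.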
diff --git a/alpine_latest/Dockerfile b/alpine_latest/Dockerfile
index 469f9d0..041d0b0 100644
--- a/alpine_latest/Dockerfile
+++ b/alpine_latest/Dockerfile
@@ -1,3 +1,3 @@
 FROM scratch
-ADD alpine-minirootfs-3.17.2-x86_64.tar.gz /
+ADD alpine-minirootfs-3.17.3-x86_64.tar.gz /
 CMD ["/bin/sh"]
diff --git a/alpine_latest/alpine-minirootfs-3.17.2-x86_64.tar.gz b/alpine_latest/alpine-minirootfs-3.17.3-x86_64.tar.gz
similarity index 33%
rename from alpine_latest/alpine-minirootfs-3.17.2-x86_64.tar.gz
rename to alpine_latest/alpine-minirootfs-3.17.3-x86_64.tar.gz
index 913190c..341711c 100644
Binary files a/alpine_latest/alpine-minirootfs-3.17.2-x86_64.tar.gz and b/alpine_latest/alpine-minirootfs-3.17.3-x86_64.tar.gz differ
diff --git a/alpine_latest/alpine-minirootfs-3.17.2-x86_64.tar.gz  'tar -t' b/alpine_latest/alpine-minirootfs-3.17.3-x86_64.tar.gz  'tar -t'
similarity index 100%
rename from alpine_latest/alpine-minirootfs-3.17.2-x86_64.tar.gz  'tar -t'
rename to alpine_latest/alpine-minirootfs-3.17.3-x86_64.tar.gz  'tar -t'
Created at 15 hours ago
issue comment
alpine - libjpeg-turbo 2.1.4-r0 - possible denial of service

Yes, the libjpeg-turbo package is installed during the nginx:1.23-alpine build but it is as up to date as is available in Alpine's packages (apk).

There are other package updates available, but no updates for libjpeg-turbo:

$ docker run -it --rm nginx:1.23.4-alpine sh
Unable to find image 'nginx:1.23.4-alpine' locally
1.23.4-alpine: Pulling from library/nginx
63b65145d645: Already exists
51f129e7c3f1: Pull complete
f32490ce40c5: Pull complete
d18f1b67600c: Pull complete
b793aaf052d0: Pull complete
10b0102e5979: Pull complete
ec50f2776186: Pull complete
Digest: sha256:ff07dba791a114f5d944c8455e8236ca4b184bfd8d21d90b7755a4ba0a119b06
Status: Downloaded newer image for nginx:1.23.4-alpine
/ # apk upgrade --no-cache
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
(1/2) Upgrading libcrypto3 (3.0.8-r0 -> 3.0.8-r2)
(2/2) Upgrading libssl3 (3.0.8-r0 -> 3.0.8-r2)
Executing ca-certificates-20220614-r4.trigger
OK: 43 MiB in 62 packages
/ #

The other packages will be automatically updated the next time the alpine image is updated or at the next nginx version bump. If you need updates earlier, you could just apk upgrade --no-cache in a new image.


Background:

Tags in the [official-images] library file[s] are only built through an update to that library file or as a result of its base image being updated (ie, an image FROM debian:buster would be rebuilt when debian:buster is built).

- https://github.com/docker-library/official-images/tree/2f086314307c04e1de77f0a515f20671e60d40bb#library-definition-files

Official Images FAQ:

Though not every CVE is removed from the images, we take CVEs seriously and try to ensure that images contain the most up-to-date packages available within a reasonable time frame

- https://github.com/docker-library/faq/tree/0ad5fd60288109c875a54a37f6581b2deaa836db#why-does-my-security-scanner-show-that-an-image-has-cves

Since our build system makes heavy use of Docker build cache, just rebuilding all of the Dockerfiles won't cause any change. So we rely on periodic base image updates.

We strive to publish updated images at least monthly for Debian. We also rebuild earlier if there is a critical security need. Many Official Images are maintained by the community or their respective upstream projects, like Ubuntu, Alpine, and Oracle Linux, and are subject to their own maintenance schedule.

- from the same FAQ link

Created at 1 day ago

Retag Kong

We moved our official image from Alpine to Ubuntu

Merge pull request #14354 from Kong/kong-retag

Retag Kong

Created at 1 day ago
pull request closed
Retag Kong

We moved our official image from Alpine to Ubuntu

Created at 1 day ago