fix: nginx patched image with fixed CVE #2631
✅ Created Kommander branch to test kommander-applications changes: https://github.com/mesosphere/kommander/tree/kapps/main/cve-unprivileged-nginx
Pull Request Test Coverage Report for Build 10934363283
💛 - Coveralls
@mhrabovcin
docker.io/grafana/loki:2.9.8 but I could see the image available as part of git-operator as well: kommander-applications/services/git-operator/0.1.0/git-operator-manifests/all.yaml (Line 958 in b87c9b6)
Do we have to make the changes in git-operator?
@dependant rebase
@dependant rebase
@dependabot rebase
f32c99c to 2fed4d3
@mhrabovcin please review the PR.
- image: ghcr.io/mesosphere/dkp-container-images/docker.io/nginxinc/nginx-unprivileged:1.25.5-alpine-d2iq.0 | ||
- image: docker.io/nginxinc/nginx-unprivileged:1.27.1-alpine |
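Review bot: The replacement image on the second line, docker.io/nginxinc/nginx-unprivileged:1.27.1-alpine, is referenced by tag only and is pulled from docker.io instead of the ghcr.io/mesosphere/dkp-container-images path used by the line it replaces. A tag can be re-pointed after it has been scanned, so append the digest of the image that was actually scanned (1.27.1-alpine@sha256:<digest>), and state in the PR description whether dropping the -d2iq.0 build under ghcr.io/mesosphere/dkp-container-images in favour of the upstream registry is intended.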
I think this change needs to be reverted in this PR. This will be part of git-operator bump PR.
@SandhyaRavi2403 do we need to bump the grafana version number here?
We haven't updated for the previous CVE fix.
@SandhyaRavi2403 do we need to bump the grafana version number here?
2fed4d3 to 4bca291
d362789 to c7a9541
3593af6 to 5431d67
What problem does this PR solve?:
Updates nginxinc/nginx-unprivileged from 1.25.5 to 1.27.1.
```
arvinder.pal@GHH4XN27GC kommander-applications % trivy image nginxinc/nginx-unprivileged:1.27.1-alpine
2024-09-11T17:38:39+05:30 INFO [vuln] Vulnerability scanning is enabled
2024-09-11T17:38:39+05:30 INFO [secret] Secret scanning is enabled
2024-09-11T17:38:39+05:30 INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-09-11T17:38:39+05:30 INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.55/docs/scanner/secret#recommendation for faster secret detection
2024-09-11T17:38:42+05:30 INFO Detected OS family="alpine" version="3.20.3"
2024-09-11T17:38:42+05:30 INFO [alpine] Detecting vulnerabilities... os_version="3.20" repository="3.20" pkg_num=66
2024-09-11T17:38:42+05:30 INFO Number of language-specific files num=0
nginxinc/nginx-unprivileged:1.27.1-alpine (alpine 3.20.3)
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
```
Which issue(s) does this PR fix?:
https://jira.nutanix.com/browse/NCN-102436
Does this PR introduce a user-facing change?:
Checklist