Update alpine images to 3.15.4 #5780

Merged


simonswine
Contributor

@simonswine simonswine commented Apr 6, 2022

What this PR does / why we need it:

This updates all references to alpine images to the latest released 3.15.4

It was released yesterday to address busybox CVE-2022-28391

Checklist

  • Add an entry in the CHANGELOG.md about the changes.

@simonswine simonswine force-pushed the 20220406_update-alpine-image-versions branch from c122f4b to 87a935d Compare April 6, 2022 11:50
@simonswine
Contributor Author

Command used:

git ls-files  '*[Dd]ockerfile*' | grep -v ^vendor/ | xargs sed -i "s/alpine:[a-z0-9\\.]*/alpine:3.15.4/g"

@simonswine simonswine marked this pull request as ready for review April 6, 2022 11:51
@simonswine simonswine requested a review from a team as a code owner April 6, 2022 11:51
@slim-bean
Collaborator

do we want to pin this to the .4? or should we just do 3.15?

@slim-bean
Collaborator

I think it would be better to do 3.15 and then we would auto get the latest patch fixes

@simonswine
Contributor Author

> I think it would be better to do 3.15 and then we would auto get the latest patch fixes

I don't think we want that. E.g. if we would have built 3.15 let's say two weeks ago, how would we clearly understand that we are vulnerable to CVE-2022-28391 which was only released 2 days ago? I think we want immutable tags used as base image, so we clearly have our dependencies pinned down.
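
As an added illustration of the pinning argument in this thread (not part of the PR or of the Loki repository), the shell function below reports `FROM` lines that reference alpine without a full MAJOR.MINOR.PATCH tag or a digest. The function name `unpinned_alpine` and the sample Dockerfiles are constructed for this example.

```shell
#!/bin/sh
# Added example: list alpine base images that are not pinned to a full
# MAJOR.MINOR.PATCH tag or to a digest, so a rebuild cannot silently change them.

# Prints "file:line:image" for each floating alpine reference in the given files.
unpinned_alpine() {
  awk '
    toupper($1) == "FROM" {
      i = 2
      while (i <= NF && $i ~ /^--/) i++             # skip flags such as --platform=...
      img = $i
      # only the alpine image itself, with or without the docker.io/library/ prefix
      if (img !~ /^(docker\.io\/)?(library\/)?alpine([:@].*)?$/) next
      if (img ~ /@sha256:[0-9a-f]+$/) next          # pinned by digest
      if (img ~ /:[0-9]+\.[0-9]+\.[0-9]+$/) next    # pinned to a patch release
      printf "%s:%d:%s\n", FILENAME, FNR, img
    }' "$@"
}

# Constructed sample Dockerfiles (hypothetical, not taken from the repository).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/Dockerfile" <<'EOF'
FROM golang:1.17.8 AS build
RUN go build ./...
FROM alpine:3.15
COPY --from=build /app /app
EOF
cat > "$demo_dir/Dockerfile.pinned" <<'EOF'
FROM alpine:3.15.4
EOF
cat > "$demo_dir/Dockerfile.cross" <<'EOF'
FROM --platform=linux/amd64 alpine
from alpine:latest as tools
EOF

# In a repository, the file list from the command used in this PR can be passed in:
#   unpinned_alpine $(git ls-files '*[Dd]ockerfile*' | grep -v ^vendor/)
unpinned_alpine "$demo_dir"/Dockerfile*
```

Any output line is a base image whose contents depend on when the build ran; an empty result means every alpine reference names a specific release.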

@slim-bean slim-bean added the backport release-2.5.x Tag a PR with this label to create a PR which cherry pics it into the release-2.5.x branch label Apr 6, 2022
@slim-bean slim-bean merged commit 3d941cc into grafana:main Apr 6, 2022
grafanabot pushed a commit that referenced this pull request Apr 6, 2022
slim-bean pushed a commit that referenced this pull request Apr 6, 2022
(cherry picked from commit 3d941cc)

Co-authored-by: Christian Simon <simon@swine.de>
splitice pushed a commit to X4BNet/loki that referenced this pull request May 21, 2022
(cherry picked from commit 3d941cc)

Co-authored-by: Christian Simon <simon@swine.de>