postgres-operator

bumped to alpine base image 3.15

Open thedatabaseme opened this issue 2 years ago • 6 comments

Hello,

Our SNYK security scan has found that the Zalando Postgres Operator image is vulnerable to the following security issue, which comes from using the Alpine 3.12 base image. It should be fixed in Alpine 3.13. I would like to ask you to update the base image used by the Zalando Operator and release a new version.

https://www.cve.org/CVERecord?id=CVE-2022-37434

thedatabaseme avatar Aug 31 '22 13:08 thedatabaseme

Let's go straight to 3.15. This is also what we use for the pooler. Can you raise the version in all Docker files of the project that use it (debug and UI)?

FxKu avatar Sep 06 '22 07:09 FxKu

> Let's go straight to 3.15. This is also what we use for the pooler. Can you raise the version in all Docker files of the project that use it (debug and UI)?

@FxKu,

I've done so. Hope I haven't missed a Dockerfile.

Kind regards, Philip

thedatabaseme avatar Sep 06 '22 08:09 thedatabaseme

@FxKu @thedatabaseme - can we bump the base image to 3.16?

pgvishnuram avatar Sep 12 '22 05:09 pgvishnuram

> @FxKu @thedatabaseme - can we bump the base image to 3.16?

@pgvishnuram @FxKu This has to be approved by the maintainers anyway. Just tell me what you wish for.

thedatabaseme avatar Sep 12 '22 05:09 thedatabaseme

@thedatabaseme - I see the Zalando team already has registry.opensource.zalan.do/v2/library/alpine-3.16 in their registry - I wish to keep it latest

pgvishnuram avatar Sep 12 '22 05:09 pgvishnuram

I tried to raise it to 3.16 for our pooler, but it doesn't work yet. So let's go with 3.15 for now. Any important features we miss out on with 3.16, @pgvishnuram?

FxKu avatar Sep 14 '22 13:09 FxKu

👍

idanovinda avatar Oct 18 '22 09:10 idanovinda

👍

FxKu avatar Oct 18 '22 09:10 FxKu