  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-2829

Collect CVE fixes in 2.15.3 operator metadata/bundle

    Description

      Several CVEs have gone out lately but not all of them are being picked up by the metadata/bundle images.

      So until botas/Freshmaker/release-driver figures this out, we'll need to collect the newer images into the CSV, if possible.

      $➔ ./checkImagesInCSV.sh quay.io/crw/crw-2-rhel8-operator-bundle:2.15-276.1647377069
      ...
      2.15-13.1646936957 :: registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8@sha256:2182f35e4b3a961a768037e74faccbde74934ef4dfbbe1b54e61a27061a1c977
      ...
      7.4.0-8.1630314104 :: registry.redhat.io/jboss-eap-7/eap74-openjdk8-openshift-rhel7@sha256:b4a113c4d4972d142a3c350e2006a2b297dc883f8ddb29a88db19c892358632d
      3.0-13.1645812003 :: registry.redhat.io/jboss-eap-7/eap-xp3-openjdk11-openshift-rhel8@sha256:bb3072afdbf31ddd1071fea37ed5308db3bf8a2478b5aa5aff8373e8042d6aeb
      v4.8.0-202202152218.p0.g813c3da.assembly.stream :: registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:1dc542b5ab33368443f698305a90c617385b4e9b101acc4acc0aa7b4bf58a292
      v4.8.0-202202152218.p0.g3fc0d89.assembly.stream :: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:83988048d5f585ca936442963e23b77520e1e4d8c3d5b8160e43ae834a24b720
      1-31.1645816955 :: registry.redhat.io/rhel8/postgresql-13@sha256:6032adb3eac903ee8aa61f296ca9aaa57f5709e5673504b609222e042823f195
      1-159 :: registry.redhat.io/rhel8/postgresql-96@sha256:314747a4a64ac16c33ead6a34479dccf16b9a07abf440ea7eeef7cda4cd19e32
      1-50 :: registry.redhat.io/rhscl/mongodb-36-rhel7@sha256:9f799d356d7d2e442bde9d401b720600fd9059a3d8eefea6f3b2ffa721c0dc73
      7.5-19 :: registry.redhat.io/rh-sso-7/sso75-openshift-rhel8@sha256:dd4ea229521fb58dda7e547ea6db993156f4c61aa8a00f2fd1375bb77168b6e6
      8.5-230.1645809059 :: registry.redhat.io/ubi8/ubi-minimal@sha256:2e4bbb2be6e7aff711ddc93f0b07e49c93d41e4c2ffc8ea75f804ad6fe25564e
      

      But in the current build of the CRW 2.15.3 bundle, this older version is included:

      $➔ ./checkImagesInCSV.sh quay.io/crw/crw-2-rhel8-operator-bundle:2.15-278
      ...
      2.15-13 :: registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8@sha256:f48fe1caa5be1ae91140681bee159ca8b11dc687fa50fbf9dc5644f4852bf5c8
      

      There are 8 CVE NVRs we should have in the latest metadata/bundle builds:

      codeready-workspaces-backup-rhel8-container-2.15-22.1645811501
      codeready-workspaces-devfileregistry-rhel8-container-2.15-75.1647455021
      codeready-workspaces-idea-rhel8-container-2.15-10.1647448543
      codeready-workspaces-plugin-openshift-rhel8-container-2.15-11.1647448510
      codeready-workspaces-pluginregistry-rhel8-container-2.15-14.1647455015
      codeready-workspaces-stacks-cpp-rhel8-container-2.15-11.1647450616
      codeready-workspaces-stacks-dotnet-rhel8-container-2.15-13.1646936957
      codeready-workspaces-stacks-php-rhel8-container-2.15-10.1647530968
      

          People

            nickboldt Nick Boldt
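An added example, not part of the original issue or the project's scripts: a Python check that reads `tag :: image@digest` lines in the format printed by checkImagesInCSV.sh in the description and flags images whose CSV tag is older than the expected CVE-fix NVR. The function names and the mapping from component `codeready-workspaces-X-container` to repository `codeready-workspaces/X` are assumptions; the sample lines are copied from the issue text.

```python
import re

# Matches "tag :: registry/repo@sha256:digest"; prompt lines and "..." elisions do not match.
LINE_RE = re.compile(r"^\s*(?P<tag>\S+) :: (?P<ref>[^\s@]+)@sha256:[0-9a-f]{64}\s*$")

def parse_csv_output(text):
    """Map repo path (registry host stripped) -> tag found in the CSV."""
    images = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            images[m["ref"].split("/", 1)[1]] = m["tag"]
    return images

def nvr_to_repo_and_tag(nvr):
    """Split a container NVR into (repo path, "version-release")."""
    name, version, release = nvr.rsplit("-", 2)
    name = name[:-len("-container")] if name.endswith("-container") else name
    # Assumption: component codeready-workspaces-X ships as codeready-workspaces/X.
    repo = name.replace("codeready-workspaces-", "codeready-workspaces/", 1)
    return repo, f"{version}-{release}"

def vr_key(vr):
    """Numeric sort key, so 2.15-13 orders before 2.15-13.1646936957."""
    return tuple(int(n) for n in re.findall(r"\d+", vr))

def check_bundle(csv_text, nvrs):
    """Return {repo: (status, csv_tag, wanted_tag)} for each expected NVR."""
    images, report = parse_csv_output(csv_text), {}
    for nvr in nvrs:
        repo, wanted = nvr_to_repo_and_tag(nvr)
        have = images.get(repo)
        status = "missing" if have is None else ("stale" if vr_key(have) < vr_key(wanted) else "ok")
        report[repo] = (status, have, wanted)
    return report

# Sample input: lines quoted in the issue for the two bundle builds (output is elided there).
BUNDLE_276 = """...
2.15-13.1646936957 :: registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8@sha256:2182f35e4b3a961a768037e74faccbde74934ef4dfbbe1b54e61a27061a1c977
8.5-230.1645809059 :: registry.redhat.io/ubi8/ubi-minimal@sha256:2e4bbb2be6e7aff711ddc93f0b07e49c93d41e4c2ffc8ea75f804ad6fe25564e
"""
BUNDLE_278 = "...\n2.15-13 :: registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8@sha256:f48fe1caa5be1ae91140681bee159ca8b11dc687fa50fbf9dc5644f4852bf5c8\n"
NVRS = ["codeready-workspaces-stacks-dotnet-rhel8-container-2.15-13.1646936957"]

if __name__ == "__main__":
    for bundle, text in (("2.15-276.1647377069", BUNDLE_276), ("2.15-278", BUNDLE_278)):
        for repo, (status, have, wanted) in check_bundle(text, NVRS).items():
            print(f"{bundle}: {repo}: {status} (CSV {have}, wanted {wanted})")
```

A `missing` status only means the image was not in the text passed in; with an elided excerpt like the one in the issue, that does not show the image is absent from the bundle.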