Loading...

XML

Word

Printable

Type: Task
Resolution: Done
Priority: Major
Fix Version/s: 2.15.3.GA
Affects Version/s: 2.15.3.GA
Component/s: deploy: cli, install, machine-exec, operator, productization: build & internals
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Several CVEs have gone out lately but not all of them are being picked up by the metadata/bundle images.

So until botas/Freshmaker/release-driver figures this out, we'll need to collect the newer images into the CSV, if possible.

https://github.com/redhat-developer/devspaces/blob/devspaces-3-rhel-8/product/checkImagesInCSV.sh

$➔ ./checkImagesInCSV.sh quay.io/crw/crw-2-rhel8-operator-bundle:2.15-276.1647377069
...
2.15-13.1646936957 :: registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8@sha256:2182f35e4b3a961a768037e74faccbde74934ef4dfbbe1b54e61a27061a1c977
...
7.4.0-8.1630314104 :: registry.redhat.io/jboss-eap-7/eap74-openjdk8-openshift-rhel7@sha256:b4a113c4d4972d142a3c350e2006a2b297dc883f8ddb29a88db19c892358632d
3.0-13.1645812003 :: registry.redhat.io/jboss-eap-7/eap-xp3-openjdk11-openshift-rhel8@sha256:bb3072afdbf31ddd1071fea37ed5308db3bf8a2478b5aa5aff8373e8042d6aeb
v4.8.0-202202152218.p0.g813c3da.assembly.stream :: registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:1dc542b5ab33368443f698305a90c617385b4e9b101acc4acc0aa7b4bf58a292
v4.8.0-202202152218.p0.g3fc0d89.assembly.stream :: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:83988048d5f585ca936442963e23b77520e1e4d8c3d5b8160e43ae834a24b720
1-31.1645816955 :: registry.redhat.io/rhel8/postgresql-13@sha256:6032adb3eac903ee8aa61f296ca9aaa57f5709e5673504b609222e042823f195
1-159 :: registry.redhat.io/rhel8/postgresql-96@sha256:314747a4a64ac16c33ead6a34479dccf16b9a07abf440ea7eeef7cda4cd19e32
1-50 :: registry.redhat.io/rhscl/mongodb-36-rhel7@sha256:9f799d356d7d2e442bde9d401b720600fd9059a3d8eefea6f3b2ffa721c0dc73
7.5-19 :: registry.redhat.io/rh-sso-7/sso75-openshift-rhel8@sha256:dd4ea229521fb58dda7e547ea6db993156f4c61aa8a00f2fd1375bb77168b6e6
8.5-230.1645809059 :: registry.redhat.io/ubi8/ubi-minimal@sha256:2e4bbb2be6e7aff711ddc93f0b07e49c93d41e4c2ffc8ea75f804ad6fe25564e

But in the current build of the CRW 2.15.3 bundle, this older version is included:

$➔ ./checkImagesInCSV.sh quay.io/crw/crw-2-rhel8-operator-bundle:2.15-278
...
2.15-13 :: registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8@sha256:f48fe1caa5be1ae91140681bee159ca8b11dc687fa50fbf9dc5644f4852bf5c8

There are 8 CVE NVRs we should have in the latest metadata/bundle builds:

codeready-workspaces-backup-rhel8-container-2.15-22.1645811501
codeready-workspaces-devfileregistry-rhel8-container-2.15-75.1647455021
codeready-workspaces-idea-rhel8-container-2.15-10.1647448543
codeready-workspaces-plugin-openshift-rhel8-container-2.15-11.1647448510
codeready-workspaces-pluginregistry-rhel8-container-2.15-14.1647455015
codeready-workspaces-stacks-cpp-rhel8-container-2.15-11.1647450616
codeready-workspaces-stacks-dotnet-rhel8-container-2.15-13.1646936957
codeready-workspaces-stacks-php-rhel8-container-2.15-10.1647530968

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

op-bundle-2.15-280-contained-imgs-tags-digests.txt
5 kB
2022/03/17 8:46 PM
op-meta-2.15-75-contained-imgs-tags-digests.txt
5 kB
2022/03/17 8:46 PM

is related to

CRW-3243 Dev Spaces Operator should not try to install DWO (OLM already manages it) [3.0.z]

Closed

Assignee:: Nick Boldt

Reporter:: Nick Boldt

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2022/03/17 6:13 PM

Updated:: 2022/09/09 7:16 AM

Resolved:: 2022/03/22 2:13 AM

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates