Uploaded image for project: 'Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) '
  1. Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces)
  2. CRW-2829

Collect CVE fixes in 2.15.3 operator metadata/bundle

    XMLWordPrintable

Details

    • False
    • None
    • False

    Description

      Several CVEs have gone out lately but not all of them are being picked up by the metadata/bundle images.

      So until botas/Freshmaker/release-driver figures this out, we'll need to collect the newer images into the CSV, if possible.

      https://github.com/redhat-developer/devspaces/blob/devspaces-3-rhel-8/product/checkImagesInCSV.sh
      $➔ ./checkImagesInCSV.sh quay.io/crw/crw-2-rhel8-operator-bundle:2.15-276.1647377069
...
2.15-13.1646936957 :: registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8@sha256:2182f35e4b3a961a768037e74faccbde74934ef4dfbbe1b54e61a27061a1c977
...
7.4.0-8.1630314104 :: registry.redhat.io/jboss-eap-7/eap74-openjdk8-openshift-rhel7@sha256:b4a113c4d4972d142a3c350e2006a2b297dc883f8ddb29a88db19c892358632d
3.0-13.1645812003 :: registry.redhat.io/jboss-eap-7/eap-xp3-openjdk11-openshift-rhel8@sha256:bb3072afdbf31ddd1071fea37ed5308db3bf8a2478b5aa5aff8373e8042d6aeb
v4.8.0-202202152218.p0.g813c3da.assembly.stream :: registry.redhat.io/openshift4/ose-kube-rbac-proxy@sha256:1dc542b5ab33368443f698305a90c617385b4e9b101acc4acc0aa7b4bf58a292
v4.8.0-202202152218.p0.g3fc0d89.assembly.stream :: registry.redhat.io/openshift4/ose-oauth-proxy@sha256:83988048d5f585ca936442963e23b77520e1e4d8c3d5b8160e43ae834a24b720
1-31.1645816955 :: registry.redhat.io/rhel8/postgresql-13@sha256:6032adb3eac903ee8aa61f296ca9aaa57f5709e5673504b609222e042823f195
1-159 :: registry.redhat.io/rhel8/postgresql-96@sha256:314747a4a64ac16c33ead6a34479dccf16b9a07abf440ea7eeef7cda4cd19e32
1-50 :: registry.redhat.io/rhscl/mongodb-36-rhel7@sha256:9f799d356d7d2e442bde9d401b720600fd9059a3d8eefea6f3b2ffa721c0dc73
7.5-19 :: registry.redhat.io/rh-sso-7/sso75-openshift-rhel8@sha256:dd4ea229521fb58dda7e547ea6db993156f4c61aa8a00f2fd1375bb77168b6e6
8.5-230.1645809059 :: registry.redhat.io/ubi8/ubi-minimal@sha256:2e4bbb2be6e7aff711ddc93f0b07e49c93d41e4c2ffc8ea75f804ad6fe25564e

      But in the current build of the CRW 2.15.3 bundle, this older version is included:

      $➔ ./checkImagesInCSV.sh quay.io/crw/crw-2-rhel8-operator-bundle:2.15-278
...
2.15-13 :: registry.redhat.io/codeready-workspaces/stacks-dotnet-rhel8@sha256:f48fe1caa5be1ae91140681bee159ca8b11dc687fa50fbf9dc5644f4852bf5c8

      There are 8 CVE NVRs we should have in the latest metadata/bundle builds:

      codeready-workspaces-backup-rhel8-container-2.15-22.1645811501
codeready-workspaces-devfileregistry-rhel8-container-2.15-75.1647455021
codeready-workspaces-idea-rhel8-container-2.15-10.1647448543
codeready-workspaces-plugin-openshift-rhel8-container-2.15-11.1647448510
codeready-workspaces-pluginregistry-rhel8-container-2.15-14.1647455015
codeready-workspaces-stacks-cpp-rhel8-container-2.15-11.1647450616
codeready-workspaces-stacks-dotnet-rhel8-container-2.15-13.1646936957
codeready-workspaces-stacks-php-rhel8-container-2.15-10.1647530968

      Attachments

        Issue Links

          is related to

          Bug - A problem that impairs or prevents the functions of the product. CRW-3243 Dev Spaces Operator should not try to install DWO (OLM already manages it) [3.0.z]

          • Blocker - To be worked above all other priorities. This term is chosen when the severity of the issue is very high, has no workaround, or the effort for the change is comparatively low. Issues that may be very publicly visible and could generate significant media attention may also drive a higher priority.
          • Closed

          Activity

            People

              nickboldt Nick Boldt
              nickboldt Nick Boldt
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: