From d9250abdcc27bdeb4b52569d9460840a4e98213f Mon Sep 17 00:00:00 2001 From: Timo Tietavainen Date: Wed, 13 Jul 2022 20:31:48 +0300 Subject: [PATCH] Bump Redis to 6.2.7 to fix security vulnerability Fix following security vulnerability tickets by taking to use Redis runner base container image version 6.2.7: https://nvd.nist.gov/vuln/detail/CVE-2022-24735 https://nvd.nist.gov/vuln/detail/CVE-2022-24736 New DBAAS container version 0.6.2 will be built on top of Redis 6.2.7. Issue-Id: RIC-927 Signed-off-by: Timo Tietavainen Change-Id: Ib4fa78c4319d0419060a45e69dacc88f7346b8e7 --- container-tag.yaml | 2 +- docker/Dockerfile.redis | 2 +- docs/release-notes.rst | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/container-tag.yaml b/container-tag.yaml index 8dc7327..2d99579 100644 --- a/container-tag.yaml +++ b/container-tag.yaml @@ -2,4 +2,4 @@ # This file is expected to be in the docker build directory; # can be moved with suitable JJB configuration. --- -tag: '0.6.1' +tag: '0.6.2' diff --git a/docker/Dockerfile.redis b/docker/Dockerfile.redis index 6d85ef2..c57d936 100644 --- a/docker/Dockerfile.redis +++ b/docker/Dockerfile.redis @@ -78,7 +78,7 @@ RUN cd /go/src && \ cd sdlgo && \ go build -v -o /usr/local/bin/sdlcli cmd/sdlcli/main.go -FROM redis:6.2.6-alpine3.15 as build +FROM redis:6.2.7-alpine3.15 as build RUN apk --update add --upgrade --no-cache \ apk-tools \ diff --git a/docs/release-notes.rst b/docs/release-notes.rst index 1ec031c..1773e15 100644 --- a/docs/release-notes.rst +++ b/docs/release-notes.rst @@ -30,6 +30,10 @@ This document provides the release notes of the dbaas. Version history --------------- +[0.6.2] - 2022-07-14 + +* Bump to Redis 6.2.7 to fix security vulnerabilities reported in Redis base image 6.2.6 + [0.6.1] - 2022-03-21 * Upgrade v0.10.0 SDLGO tag for sdlcli and make DBAAS 0.6.1 tag -- 2.16.6