Bump Redis to 6.2.7 to fix security vulnerability

Fix following security vulnerability tickets by taking to use Redis
runner base container image version 6.2.7:
  https://nvd.nist.gov/vuln/detail/CVE-2022-24735
  https://nvd.nist.gov/vuln/detail/CVE-2022-24736

New DBAAS container version 0.6.2 will be built on top of Redis 6.2.7.

Issue-Id: RIC-927

Signed-off-by: Timo Tietavainen <timo.tietavainen@nokia.com>
Change-Id: Ib4fa78c4319d0419060a45e69dacc88f7346b8e7

diff --git a/container-tag.yaml b/container-tag.yaml
index 8dc7327..2d99579 100644 (file)
--- a/container-tag.yaml
+++ b/container-tag.yaml
@@ -2,4 +2,4 @@
 # This file is expected to be in the docker build directory;
 # can be moved with suitable JJB configuration.
 ---
-tag: '0.6.1'
+tag: '0.6.2'

diff --git a/docker/Dockerfile.redis b/docker/Dockerfile.redis
index 6d85ef2..c57d936 100644 (file)
--- a/docker/Dockerfile.redis
+++ b/docker/Dockerfile.redis
@@ -78,7 +78,7 @@ RUN cd /go/src && \
     cd sdlgo && \
     go build -v -o /usr/local/bin/sdlcli cmd/sdlcli/main.go
 
-FROM redis:6.2.6-alpine3.15 as build
+FROM redis:6.2.7-alpine3.15 as build
 
 RUN apk --update add --upgrade --no-cache \
     apk-tools \

diff --git a/docs/release-notes.rst b/docs/release-notes.rst
index 1ec031c..1773e15 100644 (file)
--- a/docs/release-notes.rst
+++ b/docs/release-notes.rst
@@ -30,6 +30,10 @@ This document provides the release notes of the dbaas.
 Version history
 ---------------
 
+[0.6.2] - 2022-07-14
+
+* Bump to Redis 6.2.7 to fix security vulnerabilities reported in Redis base image 6.2.6
+
 [0.6.1] - 2022-03-21
 
 * Upgrade v0.10.0 SDLGO tag for sdlcli and make DBAAS 0.6.1 tag