From e0c62e5c50233eb1fc0d1fb6dd072f004ebacad2 Mon Sep 17 00:00:00 2001 From: Hui Wang Date: Tue, 23 Jul 2024 19:20:06 +0800 Subject: [PATCH] security: upgrade base docker image (Alpine) from 3.20.1 to 3.20.2 (#6684) See https://www.alpinelinux.org/posts/Alpine-3.20.1-released.html >including security fix for: OpenSSL CVE-2024-5535 --- app/vmui/Dockerfile-web | 2 +- deployment/docker/Makefile | 4 ++-- docs/CHANGELOG.md | 2 ++ 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/app/vmui/Dockerfile-web b/app/vmui/Dockerfile-web index 79a98fb207..66f23cf754 100644 --- a/app/vmui/Dockerfile-web +++ b/app/vmui/Dockerfile-web @@ -6,7 +6,7 @@ COPY web/ /build/ RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o web-amd64 github.com/VictoriMetrics/vmui/ && \ GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -o web-windows github.com/VictoriMetrics/vmui/ -FROM alpine:3.20.1 +FROM alpine:3.20.2 USER root COPY --from=build-web-stage /build/web-amd64 /app/web diff --git a/deployment/docker/Makefile b/deployment/docker/Makefile index 07470e48d5..358337f591 100644 --- a/deployment/docker/Makefile +++ b/deployment/docker/Makefile @@ -2,9 +2,9 @@ DOCKER_NAMESPACE ?= victoriametrics -ROOT_IMAGE ?= alpine:3.20.1 +ROOT_IMAGE ?= alpine:3.20.2 ROOT_IMAGE_SCRATCH ?= scratch -CERTS_IMAGE := alpine:3.20.1 +CERTS_IMAGE := alpine:3.20.2 GO_BUILDER_IMAGE := golang:1.22.5-alpine BUILDER_IMAGE := local/builder:2.0.0-$(shell echo $(GO_BUILDER_IMAGE) | tr :/ __)-1 diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md index 8ea315d7b2..4d801865d4 100644 --- a/docs/CHANGELOG.md +++ b/docs/CHANGELOG.md @@ -33,6 +33,8 @@ See also [LTS releases](https://docs.victoriametrics.com/lts-releases/). **Update note 1: [vmauth](https://docs.victoriametrics.com/vmauth/) HTTP response code has changed from 503 to 502 for a case when all upstream backends were not available. This was changed to align [vmauth](https://docs.victoriametrics.com/vmauth/) behaviour with other well-known reverse-proxies behaviour. ** +* SECURITY: upgrade base docker image (Alpine) from 3.20.1 to 3.20.2. See [alpine 3.20.2 release notes](https://alpinelinux.org/posts/Alpine-3.20.2-released.html). + * FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth/): add `keep_original_host` option, which can be used for proxying the original `Host` header from client request to the backend. By default the backend host is used as `Host` header when proxying requests to the configured backends. See [these docs](https://docs.victoriametrics.com/vmauth/#host-http-header). * FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth/) now returns HTTP 502 status code when all upstream backends are not available. Previously, it returned HTTP 503 status code. This change aligns vmauth behavior with other well-known reverse-proxies behavior.