Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

br: security update br image:1.18.1-alpine to 1.18.9-alpine #40863

Merged
merged 2 commits into from
Feb 14, 2023
Merged

br: security update br image:1.18.1-alpine to 1.18.9-alpine #40863

merged 2 commits into from
Feb 14, 2023

Conversation

xiabee
Copy link
Member

@xiabee xiabee commented Jan 30, 2023

What problem does this PR solve?

Issue Number: Close #39052

Problem Summary:

There are serveral critical vulnerabilities detected in this repository, which located in br/docker/Dockerfile. Now we recommand upgrading the base image of this dockerfile to avoid vulnerabilities.

What is changed and how it works?

Changed the base image of br:

  • br/docker/Dockerfile
  • We recommend upgrading to golang:1.18.9-alpine, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected.

Check List

Tests

  • Unit test
  • Integration test
  • Manual test (add detailed scripts or steps below)
  • No code

Side effects

  • Performance regression: Consumes more CPU
  • Performance regression: Consumes more Memory
  • Breaking backward compatibility

Documentation

  • Affects user behaviors
  • Contains syntax changes
  • Contains variable changes
  • Contains experimental features
  • Changes MySQL compatibility

Release note

Please refer to Release Notes Language Style Guide to write a quality release note.

Just upgrade the base image of BR tool, to fix known vulnerabilities. 
If possible, you can upgrade the base image under the br directory of all branches to this version.

/cc @xhebox ,PTAL

@ti-chi-bot
Copy link
Member

ti-chi-bot commented Jan 30, 2023

[REVIEW NOTIFICATION]

This pull request has been approved by:

  • 3pointer
  • xhebox

To complete the pull request process, please ask the reviewers in the list to review by filling /cc @reviewer in the comment.
After your PR has acquired the required number of LGTMs, you can assign this pull request to the committer in the list by filling /assign @committer in the comment to help you merge this pull request.

The full list of commands accepted by this bot can be found here.

Reviewer can indicate their review by submitting an approval review.
Reviewer can cancel approval by submitting a request changes review.

@ti-chi-bot ti-chi-bot added do-not-merge/needs-linked-issue release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed do-not-merge/needs-linked-issue labels Jan 30, 2023
@jebter jebter requested a review from 3pointer January 30, 2023 09:23
@ti-chi-bot ti-chi-bot added the status/LGT1 Indicates that a PR has LGTM 1. label Jan 31, 2023
@ti-chi-bot ti-chi-bot added needs-cherry-pick-release-6.1 Should cherry pick this PR to release-6.1 branch. needs-cherry-pick-release-6.5 Should cherry pick this PR to release-6.5 branch. needs-cherry-pick-release-6.6 labels Feb 1, 2023
@wuhuizuo
Copy link
Contributor

wuhuizuo commented Feb 1, 2023

/retest

@ti-chi-bot ti-chi-bot added status/LGT2 Indicates that a PR has LGTM 2. and removed status/LGT1 Indicates that a PR has LGTM 1. labels Feb 14, 2023
@xhebox
Copy link
Contributor

xhebox commented Feb 14, 2023

/merge

@ti-chi-bot
Copy link
Member

This pull request has been accepted and is ready to merge.

Commit hash: d0b4fe1

@ti-chi-bot ti-chi-bot added the status/can-merge Indicates a PR has been approved by a committer. label Feb 14, 2023
@ti-chi-bot ti-chi-bot merged commit 5999b2c into pingcap:master Feb 14, 2023
@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-6.5: #41386.

@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-6.6: #41388.

@ti-chi-bot
Copy link
Member

In response to a cherrypick label: new pull request created to branch release-6.1: #41390.

ti-chi-bot pushed a commit to ti-chi-bot/tidb that referenced this pull request Feb 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
needs-cherry-pick-release-6.1 Should cherry pick this PR to release-6.1 branch. needs-cherry-pick-release-6.5 Should cherry pick this PR to release-6.5 branch. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. status/can-merge Indicates a PR has been approved by a committer. status/LGT2 Indicates that a PR has LGTM 2.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Security upgrade golang from 1.18.1-alpine to 1.18.9-alpine
5 participants