Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix security issues pointed by Quay #248

Merged

Conversation

FernandesMF
Copy link
Contributor

@FernandesMF FernandesMF commented Sep 27, 2023

Quay is pointing security issues in Freshmaker due to outdated packages. We currently install the latest package versions available for the fedora version in use. Therefore, to fix the issues, we needed to upgrade the fedora version.

Freshmaker was using fedora 37, and after upgrading to fedora 38, a number of issues were resolved. The rest of the issues that are marked as fixable are due to fedora 39 packages, but it won't become GA before a few weeks from now.

With f38, the total number of issues decreased from 21 to 13, and the number of fixable issues fell from 18 to 10. The issues with the packages werkzeug, mako and mod-wsgi were resolved.

Possible concerns

The package python3-krbcontext is only available for f37. I removed it from yum-packages.txt and it didn't seem to impact freshmaker.

Testing remarks

I made a deployment to the dev environment using the initial messages. There were no errors with them nor with any other message after 19h.

JIRA: CWFHEALTH-2317

Copy link
Contributor

@qixiang qixiang left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

BTW, the mypy test failure has been fixed in 9adf421

@FernandesMF FernandesMF force-pushed the fix-quay-security-issues branch from 728172e to 00c0d9f Compare September 28, 2023 20:50
Copy link
Contributor

@ElenaKarolinaSemanova ElenaKarolinaSemanova left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM 👍

Quay is pointing security issues in Freshmaker due to outdated packages. We currently install the
latest package versions available for the fedora version in use. Therefore, to fix the issues,
we needed to upgrade the fedora version.

Freshmaker was using fedora 37, and after upgrading to fedora 38, a number of issues were resolved.
The rest of the issues that are marked as fixable are due to fedora 39 packages, but it won't become
GA before a few weeks from now.

JIRA: CWFHEALTH-2317
@FernandesMF FernandesMF force-pushed the fix-quay-security-issues branch from 00c0d9f to 6685dcd Compare October 3, 2023 18:08
@FernandesMF FernandesMF merged commit 3fdac24 into redhat-exd-rebuilds:main Oct 4, 2023
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants