Merge pull request #447 from IBM/prep-v0.13.8

Update base image to fix vulnerabilities
IBM · Oct 10, 2023 · 590a15a · 590a15a
2 parents d84cbc0 + 8b7193e
commit 590a15a
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 14 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -13,6 +13,11 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 
 ## v-next
 
+## v0.13.8
+
+Released 2023-10-10
+
+* Remediates CVE-2023-4527 CVE-2023-4806 CVE-2023-4813 CVE-2023-4911 in glibc
 ## v0.13.7
 
 Released 2023-09-11
@@ -34,23 +39,23 @@ Released 2023-04-11
 
 * Remove vulnerable dependency dgrijalva/jwt-go
 
-## v0.13.4 
+## v0.13.4
 
 Released 2023-03-29
 
 * Update to go-toolset:1.18.9-13
 * Resolves CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 with openssl
 * Resolves CVE-2023-27561 with runc v1.1.15
 
-## v0.13.3 
+## v0.13.3
 
 Released 2023-02-02
 
 * Contributed helm value options: skipCreate certificate issuer (aid seamless upgrade) and optional annotations.
 * Update to go-toolset:1.18.9-8
-* Fixes problem with portieris version in logs showing the golang version 
+* Fixes problem with portieris version in logs showing the golang version
 
-## v0.13.2 
+## v0.13.2
 
 Released 2023-01-25
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
-# This first stage of the build uses go-toolset to build the portieris binary creates 
-# a simplified operating system image that satisfies vulnerability scanning requirements 
-FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi8/go-toolset:1.19.10-16 as builder
+# This first stage of the build uses go-toolset to build the portieris binary creates
+# a simplified operating system image that satisfies vulnerability scanning requirements
+FROM --platform=$BUILDPLATFORM registry.access.redhat.com/ubi8/go-toolset:1.19.10-16.1696540524 as builder
 ARG PORTIERIS_VERSION=undefined
 
 # switch to root user as we need to run yum and rpm to ensure packages are up to date

diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 GOFILES=$(shell find . -type f -name '*.go' -not -path "./code-generator/*" -not -path "./pkg/apis/*")
 GOPACKAGES=$(shell go list ./... | grep -v test/ | grep -v pkg/apis/)
 
-VERSION=v0.13.7
+VERSION=v0.13.8
 TAG=$(VERSION)
 GOTAGS='containers_image_openpgp'
 
@@ -17,7 +17,7 @@ deps.jsonl: portieris
 
 nancy: deps.jsonl
 	cat deps.jsonl | nancy --skip-update-check --loud sleuth
- 
+
 detect-secrets:
 	detect-secrets audit .secrets.baseline
 
@@ -26,10 +26,10 @@ image: image.amd64
 image.oci-archive:
 	docker buildx build -o type=oci,dest=./portieris.tar --platform linux/amd64,linux/s390x --build-arg PORTIERIS_VERSION=$(VERSION) -t portieris:$(TAG) .
 
-image.amd64: 
+image.amd64:
 	docker buildx build --load --platform linux/amd64 --build-arg PORTIERIS_VERSION=$(VERSION) -t portieris-amd64-linux:$(TAG) .
 
-image.s390x: 
+image.s390x:
 	docker buildx build --load --platform linux/s390x --build-arg PORTIERIS_VERSION=$(VERSION) -t portieris-s390x-linux:$(TAG) .
 
 test-deps:
@@ -62,7 +62,7 @@ helm.package:
 
 helm.install.local: helm.package
 	-kubectl create ns portieris
-	-kubectl get secret $(PULLSECRET) -o yaml | sed 's/namespace: default/namespace: portieris/' | kubectl create -f - 
+	-kubectl get secret $(PULLSECRET) -o yaml | sed 's/namespace: default/namespace: portieris/' | kubectl create -f -
 	helm install -n portieris portieris $$(pwd)/portieris-$(VERSION).tgz --set image.host=$(HUB) --set image.tag=$(TAG) --set image.pullSecret=$(PULLSECRET)
 
 helm.install: helm.package

diff --git a/helm/portieris/Chart.yaml b/helm/portieris/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v1
 name: portieris
-version: v0.13.7
+version: v0.13.8
 description: Admission Controller webhook for enforcing image trust in your cluster
 maintainers:
   - name: Stuart Hayton

diff --git a/helm/portieris/values.yaml b/helm/portieris/values.yaml
@@ -15,7 +15,7 @@ image:
   host: icr.io/portieris
   pullSecret:
   image: portieris
-  tag: v0.13.7
+  tag: v0.13.8
   pullPolicy: Always
 
 service: