Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/2.8 backport] Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 #3650

Merged

Conversation

thaJeztah
Copy link
Member

Signed-off-by: Sebastiaan van Stijn <[email protected]>
(cherry picked from commit 9f2bc25)
Signed-off-by: Sebastiaan van Stijn <[email protected]>
@thaJeztah thaJeztah changed the title [release/2.8 backport] Fix CVE-2022-28391 by bumping alpine from 3.15 to 3.16 [release/2.8 backport] Fix CVE-2022-28391 by bumping alpine from 3.14 to 3.16 May 26, 2022
@deleteriousEffect deleteriousEffect merged commit dc5b207 into distribution:release/2.8 May 26, 2022
@thaJeztah thaJeztah deleted the 2.8_bump_alpine branch May 26, 2022 17:17
nrdufour added a commit to nrdufour/home-ops that referenced this pull request Jul 29, 2023
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [registry](https://github.com/distribution/distribution) | patch | `2.8.1` -> `2.8.2` |

---

### Release Notes

<details>
<summary>distribution/distribution (registry)</summary>

### [`v2.8.2`](https://github.com/distribution/distribution/releases/tag/v2.8.2)

[Compare Source](distribution/distribution@v2.8.1...v2.8.2)

##### What's Changed

-   Revert registry/client: set `Accept: identity` header when getting layers by [@&#8203;ndeloof](https://github.com/ndeloof) in distribution/distribution#3783
-   Parse `http` forbidden as denied by [@&#8203;vvoland](https://github.com/vvoland) in distribution/distribution#3914
-   Fix [CVE-2022-28391](https://www.cve.org/CVERecord?id=CVE-2022-28391) by bumping alpine from 3.14 to 3.16 by [@&#8203;thaJeztah](https://github.com/thaJeztah) ([#&#8203;3650](distribution/distribution#3650))
-   Fix [CVE-2023-2253](https://www.cve.org/CVERecord?id=CVE-2023-2253) runaway allocation on /v2/\_catalog  by [@&#8203;josegomezr](https://github.com/josegomezr) [`521ea3d9`](distribution/distribution@521ea3d)
-   Fix panic in inmemory driver by [@&#8203;wy65701436](https://github.com/wy65701436) in distribution/distribution#3815
-   bump up golang version (alternative) by [@&#8203;thaJeztah](https://github.com/thaJeztah) in distribution/distribution#3903
-   Dockerfile: update xx to v1.2.1 by [@&#8203;thaJeztah](https://github.com/thaJeztah) in distribution/distribution#3907
-   update to go1.19.9 by [@&#8203;thaJeztah](https://github.com/thaJeztah) in distribution/distribution#3908
-   Add code to handle pagination of parts. Fixes max layer size of 10GB bug by [@&#8203;DavidSpek](https://github.com/DavidSpek) in distribution/distribution#3893
-   Dockerfile: fix filenames of artifacts by [@&#8203;thaJeztah](https://github.com/thaJeztah) in distribution/distribution#3911

**Full Changelog**: distribution/distribution@v2.8.1...v2.8.2

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNi4yMy4yIiwidXBkYXRlZEluVmVyIjoiMzYuMjMuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->

Reviewed-on: https://git.home/nrdufour/home-ops/pulls/20
Co-authored-by: Renovate <[email protected]>
Co-committed-by: Renovate <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants