Commit released Helm Chart and docs for TrueCharts
Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
@@ -1,10 +1,19 @@
|
||||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="docker-compose-0.0.2"></a>
|
||||
### [docker-compose-0.0.2](https://github.com/truecharts/apps/compare/docker-compose-0.0.1...docker-compose-0.0.2) (2022-02-24)
|
||||
|
||||
#### Chore
|
||||
|
||||
* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
|
||||
* Update adding tc catalog ([#1956](https://github.com/truecharts/apps/issues/1956))
|
||||
|
||||
|
||||
|
||||
<a name="docker-compose-0.0.1"></a>
|
||||
### docker-compose-0.0.1 (2022-02-24)
|
||||
|
||||
#### Feat
|
||||
|
||||
* add a dedicated App for using Docker-Compose ([#1954](https://github.com/truecharts/apps/issues/1954))
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ You will, however, be able to use all values referenced in the common chart here
|
||||
| hostNetwork | bool | `true` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"tccr.io/truecharts/docker-in-docker"` | |
|
||||
| image.tag | string | `"v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f"` | |
|
||||
| image.tag | string | `"v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb"` | |
|
||||
| persistence.docker-certs-ca.enabled | bool | `true` | |
|
||||
| persistence.docker-certs-ca.mountPath | string | `"/config"` | |
|
||||
| persistence.mnt.enabled | bool | `true` | |
|
||||
|
||||
@@ -12,9 +12,9 @@ hide:
|
||||
##### Scan Results
|
||||
|
||||
#### Chart Object: docker-compose/templates/common.yaml
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
|
||||
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container 'RELEASE-NAME-docker-compose' of StatefulSet 'RELEASE-NAME-docker-compose' should set 'securityContext.allowPrivilegeEscalation' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
|
||||
@@ -49,17 +49,17 @@ hide:
|
||||
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
||||
tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f
|
||||
tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb
|
||||
|
||||
##### Scan Results
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
|
||||
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
@@ -87,11 +87,11 @@ hide:
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
|
||||
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
@@ -118,4 +118,17 @@ hide:
|
||||
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb (alpine 3.15.0)
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| libblkid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
|
||||
| libblkid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
|
||||
| libblkid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 | <details><summary>Expand...</summary><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br></details> |
|
||||
| libuuid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
|
||||
| libuuid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
|
||||
| libuuid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 | <details><summary>Expand...</summary><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br></details> |
|
||||
|
||||
@@ -1,6 +1,19 @@
|
||||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="pydio-cells-1.0.4"></a>
|
||||
### [pydio-cells-1.0.4](https://github.com/truecharts/apps/compare/pydio-cells-1.0.3...pydio-cells-1.0.4) (2022-02-24)
|
||||
|
||||
#### Chore
|
||||
|
||||
* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
|
||||
|
||||
#### Fix
|
||||
|
||||
* Use different port for healthcheck ([#1949](https://github.com/truecharts/apps/issues/1949))
|
||||
|
||||
|
||||
|
||||
<a name="pydio-cells-1.0.3"></a>
|
||||
### [pydio-cells-1.0.3](https://github.com/truecharts/apps/compare/pydio-cells-1.0.2...pydio-cells-1.0.3) (2022-02-23)
|
||||
|
||||
|
||||
@@ -11,11 +11,11 @@ You will, however, be able to use all values referenced in the common chart here
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.targetPort }}"` | |
|
||||
| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.port }}"` | |
|
||||
| env.CELLS_DATA_DIR | string | `"/cells/data"` | |
|
||||
| env.CELLS_EXTERNAL | string | `""` | |
|
||||
| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.targetPort }}"` | |
|
||||
| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.main.ports.main.targetPort }}"` | |
|
||||
| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.port }}"` | |
|
||||
| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.healthcheck.ports.healthcheck.port }}"` | |
|
||||
| env.CELLS_INSTALL_YAML | string | `"/cells/install.yml"` | |
|
||||
| env.CELLS_LOG_DIR | string | `"/cells/logs"` | |
|
||||
| env.CELLS_SERVICES_DIR | string | `"/cells/services"` | |
|
||||
@@ -35,18 +35,32 @@ You will, however, be able to use all values referenced in the common chart here
|
||||
| persistence.logs.mountPath | string | `"/cells/logs"` | |
|
||||
| persistence.services.enabled | bool | `true` | |
|
||||
| persistence.services.mountPath | string | `"/cells/services"` | |
|
||||
| probes.liveness.path | string | `"/healthcheck"` | |
|
||||
| probes.readiness.path | string | `"/healthcheck"` | |
|
||||
| probes.startup.path | string | `"/healthcheck"` | |
|
||||
| podSecurityContext.runAsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsUser | int | `0` | |
|
||||
| probes.liveness.custom | bool | `true` | |
|
||||
| probes.liveness.spec.httpGet.path | string | `"/healthcheck"` | |
|
||||
| probes.liveness.spec.httpGet.port | int | `10162` | |
|
||||
| probes.liveness.spec.httpGet.scheme | string | `"HTTP"` | |
|
||||
| probes.readiness.custom | bool | `true` | |
|
||||
| probes.readiness.spec.httpGet.path | string | `"/healthcheck"` | |
|
||||
| probes.readiness.spec.httpGet.port | int | `10162` | |
|
||||
| probes.readiness.spec.httpGet.scheme | string | `"HTTP"` | |
|
||||
| probes.startup.custom | bool | `true` | |
|
||||
| probes.startup.spec.httpGet.path | string | `"/healthcheck"` | |
|
||||
| probes.startup.spec.httpGet.port | int | `10162` | |
|
||||
| probes.startup.spec.httpGet.scheme | string | `"HTTP"` | |
|
||||
| pydioinstall.password | string | `"supersecret"` | |
|
||||
| pydioinstall.title | string | `"Pydio Cells"` | |
|
||||
| pydioinstall.username | string | `"admin"` | |
|
||||
| securityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| securityContext.runAsNonRoot | bool | `false` | |
|
||||
| service.gprc.enabled | bool | `true` | |
|
||||
| service.gprc.ports.gprc.enabled | bool | `true` | |
|
||||
| service.gprc.ports.gprc.port | int | `33060` | |
|
||||
| service.gprc.ports.gprc.targetPort | int | `33060` | |
|
||||
| service.healthcheck.enabled | bool | `true` | |
|
||||
| service.healthcheck.ports.healthcheck.enabled | bool | `true` | |
|
||||
| service.healthcheck.ports.healthcheck.port | int | `10162` | |
|
||||
| service.main.ports.main.port | int | `10150` | |
|
||||
| service.main.ports.main.protocol | string | `"HTTPS"` | |
|
||||
| service.main.ports.main.targetPort | int | `10150` | |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
||||
|
||||
@@ -45,8 +45,10 @@ hide:
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'resources.limits.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'resources.requests.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
|
||||
@@ -327,8 +329,8 @@ hide:
|
||||
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838</a><br><a href="https://linux.oracle.com/cve/CVE-2019-20838.html">https://linux.oracle.com/cve/CVE-2019-20838.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
|
||||
| libsasl2-2 | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br></details> |
|
||||
| libsasl2-modules-db | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br></details> |
|
||||
| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0658.html">https://linux.oracle.com/errata/ELSA-2022-0658.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0658.html">https://linux.oracle.com/errata/ELSA-2022-0658.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html</a><br><a href="http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html">http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html</a><br><a href="https://access.redhat.com/errata/RHSA-2019:3624">https://access.redhat.com/errata/RHSA-2019:3624</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893</a><br><a href="https://github.com/seccomp/libseccomp/issues/139">https://github.com/seccomp/libseccomp/issues/139</a><br><a href="https://linux.oracle.com/cve/CVE-2019-9893.html">https://linux.oracle.com/cve/CVE-2019-9893.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2019-3624.html">https://linux.oracle.com/errata/ELSA-2019-3624.html</a><br><a href="https://seclists.org/oss-sec/2019/q1/179">https://seclists.org/oss-sec/2019/q1/179</a><br><a href="https://security.gentoo.org/glsa/201904-18">https://security.gentoo.org/glsa/201904-18</a><br><a href="https://ubuntu.com/security/notices/USN-4001-1">https://ubuntu.com/security/notices/USN-4001-1</a><br><a href="https://ubuntu.com/security/notices/USN-4001-2">https://ubuntu.com/security/notices/USN-4001-2</a><br><a href="https://usn.ubuntu.com/4001-1/">https://usn.ubuntu.com/4001-1/</a><br><a href="https://usn.ubuntu.com/4001-2/">https://usn.ubuntu.com/4001-2/</a><br><a href="https://www.openwall.com/lists/oss-security/2019/03/15/1">https://www.openwall.com/lists/oss-security/2019/03/15/1</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084</a><br><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36084.html">https://linux.oracle.com/cve/CVE-2021-36084.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085</a><br><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36085.html">https://linux.oracle.com/cve/CVE-2021-36085.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
|
||||
@@ -1,10 +1,19 @@
|
||||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="docker-compose-0.0.2"></a>
|
||||
### [docker-compose-0.0.2](https://github.com/truecharts/apps/compare/docker-compose-0.0.1...docker-compose-0.0.2) (2022-02-24)
|
||||
|
||||
#### Chore
|
||||
|
||||
* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
|
||||
* Update adding tc catalog ([#1956](https://github.com/truecharts/apps/issues/1956))
|
||||
|
||||
|
||||
|
||||
<a name="docker-compose-0.0.1"></a>
|
||||
### docker-compose-0.0.1 (2022-02-24)
|
||||
|
||||
#### Feat
|
||||
|
||||
* add a dedicated App for using Docker-Compose ([#1954](https://github.com/truecharts/apps/issues/1954))
|
||||
|
||||
|
||||
@@ -22,7 +22,7 @@ You will, however, be able to use all values referenced in the common chart here
|
||||
| hostNetwork | bool | `true` | |
|
||||
| image.pullPolicy | string | `"IfNotPresent"` | |
|
||||
| image.repository | string | `"tccr.io/truecharts/docker-in-docker"` | |
|
||||
| image.tag | string | `"v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f"` | |
|
||||
| image.tag | string | `"v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb"` | |
|
||||
| persistence.docker-certs-ca.enabled | bool | `true` | |
|
||||
| persistence.docker-certs-ca.mountPath | string | `"/config"` | |
|
||||
| persistence.mnt.enabled | bool | `true` | |
|
||||
|
||||
@@ -12,9 +12,9 @@ hide:
|
||||
##### Scan Results
|
||||
|
||||
#### Chart Object: docker-compose/templates/common.yaml
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
|
||||
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | <details><summary>Expand...</summary> A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. <br> <hr> <br> Container 'RELEASE-NAME-docker-compose' of StatefulSet 'RELEASE-NAME-docker-compose' should set 'securityContext.allowPrivilegeEscalation' to false </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv001">https://avd.aquasec.com/appshield/ksv001</a><br></details> |
|
||||
@@ -49,17 +49,17 @@ hide:
|
||||
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
||||
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
|
||||
tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f
|
||||
tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb
|
||||
|
||||
##### Scan Results
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
|
||||
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
@@ -87,11 +87,11 @@ hide:
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
|
||||
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378</a><br><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br><a href="https://ubuntu.com/security/notices/USN-5179-1">https://ubuntu.com/security/notices/USN-5179-1</a><br></details> |
|
||||
@@ -118,4 +118,17 @@ hide:
|
||||
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | <details><summary>Expand...</summary><a href="https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/">https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/</a><br><a href="https://security.netapp.com/advisory/ntap-20211223-0002/">https://security.netapp.com/advisory/ntap-20211223-0002/</a><br></details> |
|
||||
|
||||
|
||||
#### Container: tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb (alpine 3.15.0)
|
||||
|
||||
|
||||
**alpine**
|
||||
|
||||
|
||||
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|
||||
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
|
||||
| libblkid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
|
||||
| libblkid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
|
||||
| libblkid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 | <details><summary>Expand...</summary><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br></details> |
|
||||
| libuuid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
|
||||
| libuuid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996</a><br><a href="https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes">https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes</a><br><a href="https://ubuntu.com/security/notices/USN-5279-1">https://ubuntu.com/security/notices/USN-5279-1</a><br><a href="https://www.openwall.com/lists/oss-security/2022/01/24/2">https://www.openwall.com/lists/oss-security/2022/01/24/2</a><br></details> |
|
||||
| libuuid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 | <details><summary>Expand...</summary><a href="https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u">https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u</a><br></details> |
|
||||
|
||||
@@ -1,6 +1,19 @@
|
||||
# Changelog<br>
|
||||
|
||||
|
||||
<a name="pydio-cells-1.0.4"></a>
|
||||
### [pydio-cells-1.0.4](https://github.com/truecharts/apps/compare/pydio-cells-1.0.3...pydio-cells-1.0.4) (2022-02-24)
|
||||
|
||||
#### Chore
|
||||
|
||||
* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
|
||||
|
||||
#### Fix
|
||||
|
||||
* Use different port for healthcheck ([#1949](https://github.com/truecharts/apps/issues/1949))
|
||||
|
||||
|
||||
|
||||
<a name="pydio-cells-1.0.3"></a>
|
||||
### [pydio-cells-1.0.3](https://github.com/truecharts/apps/compare/pydio-cells-1.0.2...pydio-cells-1.0.3) (2022-02-23)
|
||||
|
||||
|
||||
@@ -11,11 +11,11 @@ You will, however, be able to use all values referenced in the common chart here
|
||||
|
||||
| Key | Type | Default | Description |
|
||||
|-----|------|---------|-------------|
|
||||
| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.targetPort }}"` | |
|
||||
| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.port }}"` | |
|
||||
| env.CELLS_DATA_DIR | string | `"/cells/data"` | |
|
||||
| env.CELLS_EXTERNAL | string | `""` | |
|
||||
| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.targetPort }}"` | |
|
||||
| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.main.ports.main.targetPort }}"` | |
|
||||
| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.port }}"` | |
|
||||
| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.healthcheck.ports.healthcheck.port }}"` | |
|
||||
| env.CELLS_INSTALL_YAML | string | `"/cells/install.yml"` | |
|
||||
| env.CELLS_LOG_DIR | string | `"/cells/logs"` | |
|
||||
| env.CELLS_SERVICES_DIR | string | `"/cells/services"` | |
|
||||
@@ -35,18 +35,32 @@ You will, however, be able to use all values referenced in the common chart here
|
||||
| persistence.logs.mountPath | string | `"/cells/logs"` | |
|
||||
| persistence.services.enabled | bool | `true` | |
|
||||
| persistence.services.mountPath | string | `"/cells/services"` | |
|
||||
| probes.liveness.path | string | `"/healthcheck"` | |
|
||||
| probes.readiness.path | string | `"/healthcheck"` | |
|
||||
| probes.startup.path | string | `"/healthcheck"` | |
|
||||
| podSecurityContext.runAsGroup | int | `0` | |
|
||||
| podSecurityContext.runAsUser | int | `0` | |
|
||||
| probes.liveness.custom | bool | `true` | |
|
||||
| probes.liveness.spec.httpGet.path | string | `"/healthcheck"` | |
|
||||
| probes.liveness.spec.httpGet.port | int | `10162` | |
|
||||
| probes.liveness.spec.httpGet.scheme | string | `"HTTP"` | |
|
||||
| probes.readiness.custom | bool | `true` | |
|
||||
| probes.readiness.spec.httpGet.path | string | `"/healthcheck"` | |
|
||||
| probes.readiness.spec.httpGet.port | int | `10162` | |
|
||||
| probes.readiness.spec.httpGet.scheme | string | `"HTTP"` | |
|
||||
| probes.startup.custom | bool | `true` | |
|
||||
| probes.startup.spec.httpGet.path | string | `"/healthcheck"` | |
|
||||
| probes.startup.spec.httpGet.port | int | `10162` | |
|
||||
| probes.startup.spec.httpGet.scheme | string | `"HTTP"` | |
|
||||
| pydioinstall.password | string | `"supersecret"` | |
|
||||
| pydioinstall.title | string | `"Pydio Cells"` | |
|
||||
| pydioinstall.username | string | `"admin"` | |
|
||||
| securityContext.readOnlyRootFilesystem | bool | `false` | |
|
||||
| securityContext.runAsNonRoot | bool | `false` | |
|
||||
| service.gprc.enabled | bool | `true` | |
|
||||
| service.gprc.ports.gprc.enabled | bool | `true` | |
|
||||
| service.gprc.ports.gprc.port | int | `33060` | |
|
||||
| service.gprc.ports.gprc.targetPort | int | `33060` | |
|
||||
| service.healthcheck.enabled | bool | `true` | |
|
||||
| service.healthcheck.ports.healthcheck.enabled | bool | `true` | |
|
||||
| service.healthcheck.ports.healthcheck.port | int | `10162` | |
|
||||
| service.main.ports.main.port | int | `10150` | |
|
||||
| service.main.ports.main.protocol | string | `"HTTPS"` | |
|
||||
| service.main.ports.main.targetPort | int | `10150` | |
|
||||
|
||||
All Rights Reserved - The TrueCharts Project
|
||||
|
||||
@@ -45,8 +45,10 @@ hide:
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | <details><summary>Expand...</summary> The container should drop all default capabilities and add only those that are needed for its execution. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should add 'ALL' to 'securityContext.capabilities.drop' </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/">https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/</a><br><a href="https://avd.aquasec.com/appshield/ksv003">https://avd.aquasec.com/appshield/ksv003</a><br></details> |
|
||||
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | <details><summary>Expand...</summary> Enforcing CPU limits prevents DoS via resource exhaustion. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'resources.limits.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv011">https://avd.aquasec.com/appshield/ksv011</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'autopermissions' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
|
||||
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | <details><summary>Expand...</summary> When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention. <br> <hr> <br> Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'resources.requests.cpu' </details>| <details><summary>Expand...</summary><a href="https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits">https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits</a><br><a href="https://avd.aquasec.com/appshield/ksv015">https://avd.aquasec.com/appshield/ksv015</a><br></details> |
|
||||
@@ -327,8 +329,8 @@ hide:
|
||||
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://www.securityfocus.com/bid/97067">http://www.securityfocus.com/bid/97067</a><br><a href="https://access.redhat.com/errata/RHSA-2018:2486">https://access.redhat.com/errata/RHSA-2018:2486</a><br><a href="https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/">https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/</a><br><a href="https://security.gentoo.org/glsa/201710-25">https://security.gentoo.org/glsa/201710-25</a><br></details> |
|
||||
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | <details><summary>Expand...</summary><a href="http://seclists.org/fulldisclosure/2020/Dec/32">http://seclists.org/fulldisclosure/2020/Dec/32</a><br><a href="http://seclists.org/fulldisclosure/2021/Feb/14">http://seclists.org/fulldisclosure/2021/Feb/14</a><br><a href="https://bugs.gentoo.org/717920">https://bugs.gentoo.org/717920</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838</a><br><a href="https://linux.oracle.com/cve/CVE-2019-20838.html">https://linux.oracle.com/cve/CVE-2019-20838.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4373.html">https://linux.oracle.com/errata/ELSA-2021-4373.html</a><br><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E</a><br><a href="https://support.apple.com/kb/HT211931">https://support.apple.com/kb/HT211931</a><br><a href="https://support.apple.com/kb/HT212147">https://support.apple.com/kb/HT212147</a><br><a href="https://www.pcre.org/original/changelog.txt">https://www.pcre.org/original/changelog.txt</a><br></details> |
|
||||
| libsasl2-2 | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br></details> |
|
||||
| libsasl2-modules-db | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br></details> |
|
||||
| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0658.html">https://linux.oracle.com/errata/ELSA-2022-0658.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</a><br><a href="https://linux.oracle.com/cve/CVE-2022-24407.html">https://linux.oracle.com/cve/CVE-2022-24407.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2022-0658.html">https://linux.oracle.com/errata/ELSA-2022-0658.html</a><br><a href="https://ubuntu.com/security/notices/USN-5301-1">https://ubuntu.com/security/notices/USN-5301-1</a><br><a href="https://ubuntu.com/security/notices/USN-5301-2">https://ubuntu.com/security/notices/USN-5301-2</a><br><a href="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28</a><br></details> |
|
||||
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | <details><summary>Expand...</summary><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html</a><br><a href="http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html">http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html</a><br><a href="http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html">http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html</a><br><a href="https://access.redhat.com/errata/RHSA-2019:3624">https://access.redhat.com/errata/RHSA-2019:3624</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893</a><br><a href="https://github.com/seccomp/libseccomp/issues/139">https://github.com/seccomp/libseccomp/issues/139</a><br><a href="https://linux.oracle.com/cve/CVE-2019-9893.html">https://linux.oracle.com/cve/CVE-2019-9893.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2019-3624.html">https://linux.oracle.com/errata/ELSA-2019-3624.html</a><br><a href="https://seclists.org/oss-sec/2019/q1/179">https://seclists.org/oss-sec/2019/q1/179</a><br><a href="https://security.gentoo.org/glsa/201904-18">https://security.gentoo.org/glsa/201904-18</a><br><a href="https://ubuntu.com/security/notices/USN-4001-1">https://ubuntu.com/security/notices/USN-4001-1</a><br><a href="https://ubuntu.com/security/notices/USN-4001-2">https://ubuntu.com/security/notices/USN-4001-2</a><br><a href="https://usn.ubuntu.com/4001-1/">https://usn.ubuntu.com/4001-1/</a><br><a href="https://usn.ubuntu.com/4001-2/">https://usn.ubuntu.com/4001-2/</a><br><a href="https://www.openwall.com/lists/oss-security/2019/03/15/1">https://www.openwall.com/lists/oss-security/2019/03/15/1</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084</a><br><a href="https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3">https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36084.html">https://linux.oracle.com/cve/CVE-2021-36084.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
| libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | | <details><summary>Expand...</summary><a href="https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124">https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124</a><br><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085</a><br><a href="https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba">https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba</a><br><a href="https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml">https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml</a><br><a href="https://linux.oracle.com/cve/CVE-2021-36085.html">https://linux.oracle.com/cve/CVE-2021-36085.html</a><br><a href="https://linux.oracle.com/errata/ELSA-2021-4513.html">https://linux.oracle.com/errata/ELSA-2021-4513.html</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/</a><br></details> |
|
||||
|
||||
+67
-1
@@ -9574,6 +9574,38 @@ entries:
|
||||
- https://github.com/truecharts/apps/releases/download/dizquetv-4.0.19/dizquetv-4.0.19.tgz
|
||||
version: 4.0.19
|
||||
docker-compose:
|
||||
- annotations:
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/catagories: |
|
||||
- docker
|
||||
- test
|
||||
truecharts.org/grade: U
|
||||
apiVersion: v2
|
||||
appVersion: 20.10.12
|
||||
created: "2022-02-24T18:23:57.553210792Z"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.16.0
|
||||
description: Dedicated App for using Docker-Compose on TrueNAS SCALE
|
||||
digest: 133452cd1efd3cb5b4b33592ce6573ce7236dfe9175f8ca00ce18cf5111eda02
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/dev/docker-compose
|
||||
icon: https://truecharts.org/_static/img/appicons/docker-compose-icon.png
|
||||
keywords:
|
||||
- docker-compose
|
||||
- docker
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: docker-compose
|
||||
sources:
|
||||
- https://github.com/Jackett/Jackett
|
||||
type: application
|
||||
urls:
|
||||
- https://github.com/truecharts/apps/releases/download/docker-compose-0.0.2/docker-compose-0.0.2.tgz
|
||||
version: 0.0.2
|
||||
- annotations:
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/catagories: |
|
||||
@@ -48127,6 +48159,40 @@ entries:
|
||||
- https://github.com/truecharts/apps/releases/download/pwndrop-0.0.1/pwndrop-0.0.1.tgz
|
||||
version: 0.0.1
|
||||
pydio-cells:
|
||||
- annotations:
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/catagories: |
|
||||
- incubator
|
||||
truecharts.org/grade: U
|
||||
apiVersion: v2
|
||||
appVersion: 3.0.4
|
||||
created: "2022-02-24T18:23:57.769188917Z"
|
||||
dependencies:
|
||||
- name: common
|
||||
repository: https://truecharts.org
|
||||
version: 8.16.0
|
||||
- condition: mariadb.enabled
|
||||
name: mariadb
|
||||
repository: https://truecharts.org/
|
||||
version: 1.0.73
|
||||
description: Pydio-cells is the nextgen file sharing platform for organizations.
|
||||
digest: e035cd3cf6c9b20db32d74379d7aa27f7d8d5ee095aa3c1f7c243cdf1829aa91
|
||||
home: https://github.com/truecharts/apps/tree/master/charts/stable/pydio-cells
|
||||
icon: https://truecharts.org/_static/img/appicons/pydio-cells-icon.png
|
||||
keywords:
|
||||
- pydio-cells
|
||||
kubeVersion: '>=1.16.0-0'
|
||||
maintainers:
|
||||
- email: info@truecharts.org
|
||||
name: TrueCharts
|
||||
url: https://truecharts.org
|
||||
name: pydio-cells
|
||||
sources:
|
||||
- https://hub.docker.com/r/linuxserver/pydio-cells
|
||||
type: application
|
||||
urls:
|
||||
- https://github.com/truecharts/apps/releases/download/pydio-cells-1.0.4/pydio-cells-1.0.4.tgz
|
||||
version: 1.0.4
|
||||
- annotations:
|
||||
truecharts.org/SCALE-support: "true"
|
||||
truecharts.org/catagories: |
|
||||
@@ -64401,4 +64467,4 @@ entries:
|
||||
urls:
|
||||
- https://github.com/truecharts/apps/releases/download/zwavejs2mqtt-9.0.24/zwavejs2mqtt-9.0.24.tgz
|
||||
version: 9.0.24
|
||||
generated: "2022-02-24T15:59:45.816496924Z"
|
||||
generated: "2022-02-24T18:23:57.775303025Z"
|
||||
|
||||
Reference in New Issue
Block a user