diff --git a/charts/dev/docker-compose/CHANGELOG.md b/charts/dev/docker-compose/CHANGELOG.md
index efe802c6bb7..332b7a1dd63 100644
--- a/charts/dev/docker-compose/CHANGELOG.md
+++ b/charts/dev/docker-compose/CHANGELOG.md
@@ -1,10 +1,19 @@
# Changelog
+
+### [docker-compose-0.0.2](https://github.com/truecharts/apps/compare/docker-compose-0.0.1...docker-compose-0.0.2) (2022-02-24)
+
+#### Chore
+
+* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
+* Update adding tc catalog ([#1956](https://github.com/truecharts/apps/issues/1956))
+
+
+
### docker-compose-0.0.1 (2022-02-24)
#### Feat
* add a dedicated App for using Docker-Compose ([#1954](https://github.com/truecharts/apps/issues/1954))
-
diff --git a/charts/dev/docker-compose/helm-values.md b/charts/dev/docker-compose/helm-values.md
index f74c01fbd24..828c079376c 100644
--- a/charts/dev/docker-compose/helm-values.md
+++ b/charts/dev/docker-compose/helm-values.md
@@ -22,7 +22,7 @@ You will, however, be able to use all values referenced in the common chart here
| hostNetwork | bool | `true` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/docker-in-docker"` | |
-| image.tag | string | `"v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f"` | |
+| image.tag | string | `"v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb"` | |
| persistence.docker-certs-ca.enabled | bool | `true` | |
| persistence.docker-certs-ca.mountPath | string | `"/config"` | |
| persistence.mnt.enabled | bool | `true` | |
diff --git a/charts/dev/docker-compose/security.md b/charts/dev/docker-compose/security.md
index eeadf9e90f7..29bd7766f06 100644
--- a/charts/dev/docker-compose/security.md
+++ b/charts/dev/docker-compose/security.md
@@ -12,9 +12,9 @@ hide:
##### Scan Results
#### Chart Object: docker-compose/templates/common.yaml
-
-
+
+
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | Expand...
A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.
Container 'RELEASE-NAME-docker-compose' of StatefulSet 'RELEASE-NAME-docker-compose' should set 'securityContext.allowPrivilegeEscalation' to false | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
|
@@ -49,17 +49,17 @@ hide:
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
- tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f
+ tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb
##### Scan Results
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
-
+
**alpine**
-
+
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
|
@@ -87,11 +87,11 @@ hide:
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
-
+
**alpine**
-
+
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
|
@@ -118,4 +118,17 @@ hide:
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | Expand...
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
|
+#### Container: tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb (alpine 3.15.0)
+
+**alpine**
+
+
+| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
+|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
+| libblkid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
|
+| libblkid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
|
+| libblkid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 | Expand...
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
|
+| libuuid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
|
+| libuuid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
|
+| libuuid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 | Expand...
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
|
diff --git a/charts/stable/pydio-cells/CHANGELOG.md b/charts/stable/pydio-cells/CHANGELOG.md
index c7bfcae9012..9ffebd7c945 100644
--- a/charts/stable/pydio-cells/CHANGELOG.md
+++ b/charts/stable/pydio-cells/CHANGELOG.md
@@ -1,6 +1,19 @@
# Changelog
+
+### [pydio-cells-1.0.4](https://github.com/truecharts/apps/compare/pydio-cells-1.0.3...pydio-cells-1.0.4) (2022-02-24)
+
+#### Chore
+
+* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
+
+#### Fix
+
+* Use different port for healthcheck ([#1949](https://github.com/truecharts/apps/issues/1949))
+
+
+
### [pydio-cells-1.0.3](https://github.com/truecharts/apps/compare/pydio-cells-1.0.2...pydio-cells-1.0.3) (2022-02-23)
diff --git a/charts/stable/pydio-cells/helm-values.md b/charts/stable/pydio-cells/helm-values.md
index 1c1e726927b..a2590677f27 100644
--- a/charts/stable/pydio-cells/helm-values.md
+++ b/charts/stable/pydio-cells/helm-values.md
@@ -11,11 +11,11 @@ You will, however, be able to use all values referenced in the common chart here
| Key | Type | Default | Description |
|-----|------|---------|-------------|
-| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.targetPort }}"` | |
+| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.port }}"` | |
| env.CELLS_DATA_DIR | string | `"/cells/data"` | |
| env.CELLS_EXTERNAL | string | `""` | |
-| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.targetPort }}"` | |
-| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.main.ports.main.targetPort }}"` | |
+| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.port }}"` | |
+| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.healthcheck.ports.healthcheck.port }}"` | |
| env.CELLS_INSTALL_YAML | string | `"/cells/install.yml"` | |
| env.CELLS_LOG_DIR | string | `"/cells/logs"` | |
| env.CELLS_SERVICES_DIR | string | `"/cells/services"` | |
@@ -35,18 +35,32 @@ You will, however, be able to use all values referenced in the common chart here
| persistence.logs.mountPath | string | `"/cells/logs"` | |
| persistence.services.enabled | bool | `true` | |
| persistence.services.mountPath | string | `"/cells/services"` | |
-| probes.liveness.path | string | `"/healthcheck"` | |
-| probes.readiness.path | string | `"/healthcheck"` | |
-| probes.startup.path | string | `"/healthcheck"` | |
+| podSecurityContext.runAsGroup | int | `0` | |
+| podSecurityContext.runAsUser | int | `0` | |
+| probes.liveness.custom | bool | `true` | |
+| probes.liveness.spec.httpGet.path | string | `"/healthcheck"` | |
+| probes.liveness.spec.httpGet.port | int | `10162` | |
+| probes.liveness.spec.httpGet.scheme | string | `"HTTP"` | |
+| probes.readiness.custom | bool | `true` | |
+| probes.readiness.spec.httpGet.path | string | `"/healthcheck"` | |
+| probes.readiness.spec.httpGet.port | int | `10162` | |
+| probes.readiness.spec.httpGet.scheme | string | `"HTTP"` | |
+| probes.startup.custom | bool | `true` | |
+| probes.startup.spec.httpGet.path | string | `"/healthcheck"` | |
+| probes.startup.spec.httpGet.port | int | `10162` | |
+| probes.startup.spec.httpGet.scheme | string | `"HTTP"` | |
| pydioinstall.password | string | `"supersecret"` | |
| pydioinstall.title | string | `"Pydio Cells"` | |
| pydioinstall.username | string | `"admin"` | |
+| securityContext.readOnlyRootFilesystem | bool | `false` | |
+| securityContext.runAsNonRoot | bool | `false` | |
| service.gprc.enabled | bool | `true` | |
| service.gprc.ports.gprc.enabled | bool | `true` | |
| service.gprc.ports.gprc.port | int | `33060` | |
-| service.gprc.ports.gprc.targetPort | int | `33060` | |
+| service.healthcheck.enabled | bool | `true` | |
+| service.healthcheck.ports.healthcheck.enabled | bool | `true` | |
+| service.healthcheck.ports.healthcheck.port | int | `10162` | |
| service.main.ports.main.port | int | `10150` | |
| service.main.ports.main.protocol | string | `"HTTPS"` | |
-| service.main.ports.main.targetPort | int | `10150` | |
All Rights Reserved - The TrueCharts Project
diff --git a/charts/stable/pydio-cells/security.md b/charts/stable/pydio-cells/security.md
index 5179fdb4452..a7997fd30a8 100644
--- a/charts/stable/pydio-cells/security.md
+++ b/charts/stable/pydio-cells/security.md
@@ -45,8 +45,10 @@ hide:
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Expand...
The container should drop all default capabilities and add only those that are needed for its execution.
Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should add 'ALL' to 'securityContext.capabilities.drop' | Expand...
https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
|
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Expand...
The container should drop all default capabilities and add only those that are needed for its execution.
Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should add 'ALL' to 'securityContext.capabilities.drop' | Expand...
https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
|
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | Expand...
Enforcing CPU limits prevents DoS via resource exhaustion.
Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'resources.limits.cpu' | Expand...
https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv011
|
+| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
|
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'autopermissions' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
|
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
|
+| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true | Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
|
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'autopermissions' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true | Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
|
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true | Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
|
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | Expand...
When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.
Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'resources.requests.cpu' | Expand...
https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv015
|
@@ -327,8 +329,8 @@ hide:
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | Expand...
http://www.securityfocus.com/bid/97067
https://access.redhat.com/errata/RHSA-2018:2486
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://security.gentoo.org/glsa/201710-25
|
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | Expand...
http://www.securityfocus.com/bid/97067
https://access.redhat.com/errata/RHSA-2018:2486
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://security.gentoo.org/glsa/201710-25
|
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | Expand...
http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2021/Feb/14
https://bugs.gentoo.org/717920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838
https://linux.oracle.com/cve/CVE-2019-20838.html
https://linux.oracle.com/errata/ELSA-2021-4373.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT212147
https://www.pcre.org/original/changelog.txt
|
-| libsasl2-2 | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
|
-| libsasl2-modules-db | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
|
+| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://linux.oracle.com/cve/CVE-2022-24407.html
https://linux.oracle.com/errata/ELSA-2022-0658.html
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
|
+| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://linux.oracle.com/cve/CVE-2022-24407.html
https://linux.oracle.com/errata/ELSA-2022-0658.html
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
|
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | Expand...
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html
http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html
https://access.redhat.com/errata/RHSA-2019:3624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893
https://github.com/seccomp/libseccomp/issues/139
https://linux.oracle.com/cve/CVE-2019-9893.html
https://linux.oracle.com/errata/ELSA-2019-3624.html
https://seclists.org/oss-sec/2019/q1/179
https://security.gentoo.org/glsa/201904-18
https://ubuntu.com/security/notices/USN-4001-1
https://ubuntu.com/security/notices/USN-4001-2
https://usn.ubuntu.com/4001-1/
https://usn.ubuntu.com/4001-2/
https://www.openwall.com/lists/oss-security/2019/03/15/1
|
| libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | | Expand...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084
https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
https://linux.oracle.com/cve/CVE-2021-36084.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
|
| libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | | Expand...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085
https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
https://linux.oracle.com/cve/CVE-2021-36085.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
|
diff --git a/docs/apps/dev/docker-compose/CHANGELOG.md b/docs/apps/dev/docker-compose/CHANGELOG.md
index efe802c6bb7..332b7a1dd63 100644
--- a/docs/apps/dev/docker-compose/CHANGELOG.md
+++ b/docs/apps/dev/docker-compose/CHANGELOG.md
@@ -1,10 +1,19 @@
# Changelog
+
+### [docker-compose-0.0.2](https://github.com/truecharts/apps/compare/docker-compose-0.0.1...docker-compose-0.0.2) (2022-02-24)
+
+#### Chore
+
+* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
+* Update adding tc catalog ([#1956](https://github.com/truecharts/apps/issues/1956))
+
+
+
### docker-compose-0.0.1 (2022-02-24)
#### Feat
* add a dedicated App for using Docker-Compose ([#1954](https://github.com/truecharts/apps/issues/1954))
-
diff --git a/docs/apps/dev/docker-compose/helm-values.md b/docs/apps/dev/docker-compose/helm-values.md
index f74c01fbd24..828c079376c 100644
--- a/docs/apps/dev/docker-compose/helm-values.md
+++ b/docs/apps/dev/docker-compose/helm-values.md
@@ -22,7 +22,7 @@ You will, however, be able to use all values referenced in the common chart here
| hostNetwork | bool | `true` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/docker-in-docker"` | |
-| image.tag | string | `"v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f"` | |
+| image.tag | string | `"v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb"` | |
| persistence.docker-certs-ca.enabled | bool | `true` | |
| persistence.docker-certs-ca.mountPath | string | `"/config"` | |
| persistence.mnt.enabled | bool | `true` | |
diff --git a/docs/apps/dev/docker-compose/security.md b/docs/apps/dev/docker-compose/security.md
index eeadf9e90f7..29bd7766f06 100644
--- a/docs/apps/dev/docker-compose/security.md
+++ b/docs/apps/dev/docker-compose/security.md
@@ -12,9 +12,9 @@ hide:
##### Scan Results
#### Chart Object: docker-compose/templates/common.yaml
-
-
+
+
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | Expand...
A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.
Container 'RELEASE-NAME-docker-compose' of StatefulSet 'RELEASE-NAME-docker-compose' should set 'securityContext.allowPrivilegeEscalation' to false | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv001
|
@@ -49,17 +49,17 @@ hide:
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c
- tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:e672e85d8141beffea3f7e5b97c79a2bca726bde478474e845fc338a08a1092f
+ tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb
##### Scan Results
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
-
+
**alpine**
-
+
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
|
@@ -87,11 +87,11 @@ hide:
#### Container: tccr.io/truecharts/alpine:v3.14.2@sha256:4095394abbae907e94b1f2fd2e2de6c4f201a5b9704573243ca8eb16db8cdb7c (alpine 3.14.2)
-
+
**alpine**
-
+
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2021-42378 | HIGH | 1.33.1-r3 | 1.33.1-r6 | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
https://ubuntu.com/security/notices/USN-5179-1
|
@@ -118,4 +118,17 @@ hide:
| ssl_client | CVE-2021-42375 | MEDIUM | 1.33.1-r3 | 1.33.1-r5 | Expand...
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/
https://security.netapp.com/advisory/ntap-20211223-0002/
|
+#### Container: tccr.io/truecharts/docker-in-docker:v20.10.12@sha256:c62daf2fbd0b520a5849a5b463b059207e3669c892131eff1f0cf22d3b053deb (alpine 3.15.0)
+
+**alpine**
+
+
+| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
+|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
+| libblkid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
|
+| libblkid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
|
+| libblkid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 | Expand...
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
|
+| libuuid | CVE-2021-3995 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3995
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
|
+| libuuid | CVE-2021-3996 | MEDIUM | 2.37.2-r1 | 2.37.3-r0 | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3996
https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.37/v2.37.3-ReleaseNotes
https://ubuntu.com/security/notices/USN-5279-1
https://www.openwall.com/lists/oss-security/2022/01/24/2
|
+| libuuid | CVE-2022-0563 | MEDIUM | 2.37.2-r1 | 2.37.4-r0 | Expand...
https://lore.kernel.org/util-linux/20220214110609.msiwlm457ngoic6w@ws.net.home/T/#u
|
diff --git a/docs/apps/stable/pydio-cells/CHANGELOG.md b/docs/apps/stable/pydio-cells/CHANGELOG.md
index c7bfcae9012..9ffebd7c945 100644
--- a/docs/apps/stable/pydio-cells/CHANGELOG.md
+++ b/docs/apps/stable/pydio-cells/CHANGELOG.md
@@ -1,6 +1,19 @@
# Changelog
+
+### [pydio-cells-1.0.4](https://github.com/truecharts/apps/compare/pydio-cells-1.0.3...pydio-cells-1.0.4) (2022-02-24)
+
+#### Chore
+
+* rename `web_portal` to `open` ([#1957](https://github.com/truecharts/apps/issues/1957))
+
+#### Fix
+
+* Use different port for healthcheck ([#1949](https://github.com/truecharts/apps/issues/1949))
+
+
+
### [pydio-cells-1.0.3](https://github.com/truecharts/apps/compare/pydio-cells-1.0.2...pydio-cells-1.0.3) (2022-02-23)
diff --git a/docs/apps/stable/pydio-cells/helm-values.md b/docs/apps/stable/pydio-cells/helm-values.md
index 1c1e726927b..a2590677f27 100644
--- a/docs/apps/stable/pydio-cells/helm-values.md
+++ b/docs/apps/stable/pydio-cells/helm-values.md
@@ -11,11 +11,11 @@ You will, however, be able to use all values referenced in the common chart here
| Key | Type | Default | Description |
|-----|------|---------|-------------|
-| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.targetPort }}"` | |
+| env.CELLS_BIND | string | `"0.0.0.0:{{ .Values.service.main.ports.main.port }}"` | |
| env.CELLS_DATA_DIR | string | `"/cells/data"` | |
| env.CELLS_EXTERNAL | string | `""` | |
-| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.targetPort }}"` | |
-| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.main.ports.main.targetPort }}"` | |
+| env.CELLS_GRPC_EXTERNAL | string | `"{{ .Values.service.gprc.ports.gprc.port }}"` | |
+| env.CELLS_HEALTHCHECK | string | `"{{ .Values.service.healthcheck.ports.healthcheck.port }}"` | |
| env.CELLS_INSTALL_YAML | string | `"/cells/install.yml"` | |
| env.CELLS_LOG_DIR | string | `"/cells/logs"` | |
| env.CELLS_SERVICES_DIR | string | `"/cells/services"` | |
@@ -35,18 +35,32 @@ You will, however, be able to use all values referenced in the common chart here
| persistence.logs.mountPath | string | `"/cells/logs"` | |
| persistence.services.enabled | bool | `true` | |
| persistence.services.mountPath | string | `"/cells/services"` | |
-| probes.liveness.path | string | `"/healthcheck"` | |
-| probes.readiness.path | string | `"/healthcheck"` | |
-| probes.startup.path | string | `"/healthcheck"` | |
+| podSecurityContext.runAsGroup | int | `0` | |
+| podSecurityContext.runAsUser | int | `0` | |
+| probes.liveness.custom | bool | `true` | |
+| probes.liveness.spec.httpGet.path | string | `"/healthcheck"` | |
+| probes.liveness.spec.httpGet.port | int | `10162` | |
+| probes.liveness.spec.httpGet.scheme | string | `"HTTP"` | |
+| probes.readiness.custom | bool | `true` | |
+| probes.readiness.spec.httpGet.path | string | `"/healthcheck"` | |
+| probes.readiness.spec.httpGet.port | int | `10162` | |
+| probes.readiness.spec.httpGet.scheme | string | `"HTTP"` | |
+| probes.startup.custom | bool | `true` | |
+| probes.startup.spec.httpGet.path | string | `"/healthcheck"` | |
+| probes.startup.spec.httpGet.port | int | `10162` | |
+| probes.startup.spec.httpGet.scheme | string | `"HTTP"` | |
| pydioinstall.password | string | `"supersecret"` | |
| pydioinstall.title | string | `"Pydio Cells"` | |
| pydioinstall.username | string | `"admin"` | |
+| securityContext.readOnlyRootFilesystem | bool | `false` | |
+| securityContext.runAsNonRoot | bool | `false` | |
| service.gprc.enabled | bool | `true` | |
| service.gprc.ports.gprc.enabled | bool | `true` | |
| service.gprc.ports.gprc.port | int | `33060` | |
-| service.gprc.ports.gprc.targetPort | int | `33060` | |
+| service.healthcheck.enabled | bool | `true` | |
+| service.healthcheck.ports.healthcheck.enabled | bool | `true` | |
+| service.healthcheck.ports.healthcheck.port | int | `10162` | |
| service.main.ports.main.port | int | `10150` | |
| service.main.ports.main.protocol | string | `"HTTPS"` | |
-| service.main.ports.main.targetPort | int | `10150` | |
All Rights Reserved - The TrueCharts Project
diff --git a/docs/apps/stable/pydio-cells/security.md b/docs/apps/stable/pydio-cells/security.md
index 5179fdb4452..a7997fd30a8 100644
--- a/docs/apps/stable/pydio-cells/security.md
+++ b/docs/apps/stable/pydio-cells/security.md
@@ -45,8 +45,10 @@ hide:
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Expand...
The container should drop all default capabilities and add only those that are needed for its execution.
Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should add 'ALL' to 'securityContext.capabilities.drop' | Expand...
https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
|
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Expand...
The container should drop all default capabilities and add only those that are needed for its execution.
Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should add 'ALL' to 'securityContext.capabilities.drop' | Expand...
https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
|
| Kubernetes Security Check | KSV011 | CPU not limited | LOW | Expand...
Enforcing CPU limits prevents DoS via resource exhaustion.
Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'resources.limits.cpu' | Expand...
https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv011
|
+| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
|
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'autopermissions' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
|
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.runAsNonRoot' to true | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
|
+| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'RELEASE-NAME-pydio-cells' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true | Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
|
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'autopermissions' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true | Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
|
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'securityContext.readOnlyRootFilesystem' to true | Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
|
| Kubernetes Security Check | KSV015 | CPU requests not specified | LOW | Expand...
When containers have resource requests specified, the scheduler can make better decisions about which nodes to place pods on, and how to deal with resource contention.
Container 'inotify' of Deployment 'RELEASE-NAME-pydio-cells' should set 'resources.requests.cpu' | Expand...
https://cloud.google.com/blog/products/containers-kubernetes/kubernetes-best-practices-resource-requests-and-limits
https://avd.aquasec.com/appshield/ksv015
|
@@ -327,8 +329,8 @@ hide:
| libpcre3 | CVE-2017-7245 | LOW | 2:8.39-12 | | Expand...
http://www.securityfocus.com/bid/97067
https://access.redhat.com/errata/RHSA-2018:2486
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://security.gentoo.org/glsa/201710-25
|
| libpcre3 | CVE-2017-7246 | LOW | 2:8.39-12 | | Expand...
http://www.securityfocus.com/bid/97067
https://access.redhat.com/errata/RHSA-2018:2486
https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
https://security.gentoo.org/glsa/201710-25
|
| libpcre3 | CVE-2019-20838 | LOW | 2:8.39-12 | | Expand...
http://seclists.org/fulldisclosure/2020/Dec/32
http://seclists.org/fulldisclosure/2021/Feb/14
https://bugs.gentoo.org/717920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20838
https://linux.oracle.com/cve/CVE-2019-20838.html
https://linux.oracle.com/errata/ELSA-2021-4373.html
https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E
https://support.apple.com/kb/HT211931
https://support.apple.com/kb/HT212147
https://www.pcre.org/original/changelog.txt
|
-| libsasl2-2 | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
|
-| libsasl2-modules-db | CVE-2022-24407 | HIGH | 2.1.27+dfsg-1+deb10u1 | | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
|
+| libsasl2-2 | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://linux.oracle.com/cve/CVE-2022-24407.html
https://linux.oracle.com/errata/ELSA-2022-0658.html
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
|
+| libsasl2-modules-db | CVE-2022-24407 | CRITICAL | 2.1.27+dfsg-1+deb10u1 | | Expand...
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407
https://linux.oracle.com/cve/CVE-2022-24407.html
https://linux.oracle.com/errata/ELSA-2022-0658.html
https://ubuntu.com/security/notices/USN-5301-1
https://ubuntu.com/security/notices/USN-5301-2
https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28
|
| libseccomp2 | CVE-2019-9893 | LOW | 2.3.3-4 | | Expand...
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00022.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00027.html
http://www.paul-moore.com/blog/d/2019/03/libseccomp_v240.html
https://access.redhat.com/errata/RHSA-2019:3624
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9893
https://github.com/seccomp/libseccomp/issues/139
https://linux.oracle.com/cve/CVE-2019-9893.html
https://linux.oracle.com/errata/ELSA-2019-3624.html
https://seclists.org/oss-sec/2019/q1/179
https://security.gentoo.org/glsa/201904-18
https://ubuntu.com/security/notices/USN-4001-1
https://ubuntu.com/security/notices/USN-4001-2
https://usn.ubuntu.com/4001-1/
https://usn.ubuntu.com/4001-2/
https://www.openwall.com/lists/oss-security/2019/03/15/1
|
| libsepol1 | CVE-2021-36084 | LOW | 2.8-1 | | Expand...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31065
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36084
https://github.com/SELinuxProject/selinux/commit/f34d3d30c8325e4847a6b696fe7a3936a8a361f3
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-417.yaml
https://linux.oracle.com/cve/CVE-2021-36084.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
|
| libsepol1 | CVE-2021-36085 | LOW | 2.8-1 | | Expand...
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=31124
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36085
https://github.com/SELinuxProject/selinux/commit/2d35fcc7e9e976a2346b1de20e54f8663e8a6cba
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/selinux/OSV-2021-421.yaml
https://linux.oracle.com/cve/CVE-2021-36085.html
https://linux.oracle.com/errata/ELSA-2021-4513.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U7ZYR3PIJ75N6U2IONJWCKZ5L2NKJTGR/
|
diff --git a/docs/index.yaml b/docs/index.yaml
index aa78aeb7988..81a51bf7410 100644
--- a/docs/index.yaml
+++ b/docs/index.yaml
@@ -9574,6 +9574,38 @@ entries:
- https://github.com/truecharts/apps/releases/download/dizquetv-4.0.19/dizquetv-4.0.19.tgz
version: 4.0.19
docker-compose:
+ - annotations:
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/catagories: |
+ - docker
+ - test
+ truecharts.org/grade: U
+ apiVersion: v2
+ appVersion: 20.10.12
+ created: "2022-02-24T18:23:57.553210792Z"
+ dependencies:
+ - name: common
+ repository: https://truecharts.org
+ version: 8.16.0
+ description: Dedicated App for using Docker-Compose on TrueNAS SCALE
+ digest: 133452cd1efd3cb5b4b33592ce6573ce7236dfe9175f8ca00ce18cf5111eda02
+ home: https://github.com/truecharts/apps/tree/master/charts/dev/docker-compose
+ icon: https://truecharts.org/_static/img/appicons/docker-compose-icon.png
+ keywords:
+ - docker-compose
+ - docker
+ kubeVersion: '>=1.16.0-0'
+ maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+ name: docker-compose
+ sources:
+ - https://github.com/Jackett/Jackett
+ type: application
+ urls:
+ - https://github.com/truecharts/apps/releases/download/docker-compose-0.0.2/docker-compose-0.0.2.tgz
+ version: 0.0.2
- annotations:
truecharts.org/SCALE-support: "true"
truecharts.org/catagories: |
@@ -48127,6 +48159,40 @@ entries:
- https://github.com/truecharts/apps/releases/download/pwndrop-0.0.1/pwndrop-0.0.1.tgz
version: 0.0.1
pydio-cells:
+ - annotations:
+ truecharts.org/SCALE-support: "true"
+ truecharts.org/catagories: |
+ - incubator
+ truecharts.org/grade: U
+ apiVersion: v2
+ appVersion: 3.0.4
+ created: "2022-02-24T18:23:57.769188917Z"
+ dependencies:
+ - name: common
+ repository: https://truecharts.org
+ version: 8.16.0
+ - condition: mariadb.enabled
+ name: mariadb
+ repository: https://truecharts.org/
+ version: 1.0.73
+ description: Pydio-cells is the nextgen file sharing platform for organizations.
+ digest: e035cd3cf6c9b20db32d74379d7aa27f7d8d5ee095aa3c1f7c243cdf1829aa91
+ home: https://github.com/truecharts/apps/tree/master/charts/stable/pydio-cells
+ icon: https://truecharts.org/_static/img/appicons/pydio-cells-icon.png
+ keywords:
+ - pydio-cells
+ kubeVersion: '>=1.16.0-0'
+ maintainers:
+ - email: info@truecharts.org
+ name: TrueCharts
+ url: https://truecharts.org
+ name: pydio-cells
+ sources:
+ - https://hub.docker.com/r/linuxserver/pydio-cells
+ type: application
+ urls:
+ - https://github.com/truecharts/apps/releases/download/pydio-cells-1.0.4/pydio-cells-1.0.4.tgz
+ version: 1.0.4
- annotations:
truecharts.org/SCALE-support: "true"
truecharts.org/catagories: |
@@ -64401,4 +64467,4 @@ entries:
urls:
- https://github.com/truecharts/apps/releases/download/zwavejs2mqtt-9.0.24/zwavejs2mqtt-9.0.24.tgz
version: 9.0.24
-generated: "2022-02-24T15:59:45.816496924Z"
+generated: "2022-02-24T18:23:57.775303025Z"