Merge pull request #109 from cyberark/CONJSE-1683-fix-CVES

telday · web-flow · commit 402787aec881 · 2023-04-04T08:46:19.000-06:00
Update ruby to version 3.0.6
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Security
 - Update OpenSSL to 1.0.2zg to remove CVE-2023-0286
   [cyberark/conjur-base-image#106](https://github.com/cyberark/conjur-base-image/pull/106)
+- Upgrade Ruby to 3.0.6 to resolve CVE-2021-33621
+  [cyberark/conjur-base-image#107](https://github.com/cyberark/conjur-base-image/pull/107)
 
 ## [2.0.5] - 2022-12-9
 
diff --git a/phusion-ruby-builder/Dockerfile b/phusion-ruby-builder/Dockerfile
@@ -11,7 +11,7 @@ FROM openssl-builder:$OPENSSL_BUILDER_TAG as OpenSSL-builder
 FROM phusion/baseimage:$PHUSION_VERSION
 ARG RUBY_MAJOR_VERSION
 ARG RUBY_FULL_VERSION
-ARG RUBY_SHA256=9afc6380a027a4fe1ae1a3e2eccb6b497b9c5ac0631c12ca56f9b7beb4848776
+ARG RUBY_SHA256=6e6cbd490030d7910c0ff20edefab4294dfcd1046f0f8f47f78b597987ac683e
 
 ENV LD_LIBRARY_PATH="/usr/local/ssl/lib"
 
diff --git a/phusion-ruby-builder/build.sh b/phusion-ruby-builder/build.sh
@@ -5,7 +5,7 @@ cd "$(dirname "$0")"
 REPO_ROOT="$(git rev-parse --show-toplevel)"
 PHUSION_VERSION=0.11
 RUBY_MAJOR_VERSION=3.0
-RUBY_FULL_VERSION=3.0.5
+RUBY_FULL_VERSION=3.0.6
 
 docker build -t phusion-ruby-builder:"$RUBY_FULL_VERSION-fips" \
   --build-arg PHUSION_VERSION="$PHUSION_VERSION" \
diff --git a/phusion-ruby-fips/Description.md b/phusion-ruby-fips/Description.md
@@ -4,7 +4,7 @@
 This image includes the following packages:
 
 * OpenSSL version `1.0.ze`: built with  FIPS 140-2 compliant OpenSSL module version `2.0.16`.
-* Ruby version `3.0.5`: compiled against the FIPS 140-2 compliant OpenSSL module.
+* Ruby version `3.0.6`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Postgres client version `10-10.16`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * OpenLDAP version `2.4.46`: built using OpenSSL rather than gnutls and compiled against the FIPS 140-2 compliant OpenSSL module. 
 * Bundler version `2.2.33`.
diff --git a/phusion-ruby-fips/README.md b/phusion-ruby-fips/README.md
@@ -2,7 +2,7 @@
 This container image includes Phusion version `0.11` which contains the following packages:
 
 * OpenSSL version `1.0.2zg`: built by SafeLogic to be FIPS-compliant
-* Ruby version `3.0.5`: compiled against the FIPS 140-2 compliant OpenSSL module.
+* Ruby version `3.0.6`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Postgres client version `10-10.16`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * OpenLDAP version `2.4.46`: built using openssl rather than gnutls and compiled against the FIPS 140-2 compliant OpenSSL module.
 * Bundler version `2.2.33`.
diff --git a/phusion-ruby-fips/build.sh b/phusion-ruby-fips/build.sh
@@ -4,7 +4,7 @@ cd "$(dirname "$0")"
 
 REPO_ROOT="$(git rev-parse --show-toplevel)"
 PHUSION_VERSION=0.11
-RUBY_BUILDER_TAG=3.0.5-fips
+RUBY_BUILDER_TAG=3.0.6-fips
 PG_BUILDER_TAG=10-10.16-fips
 OPENLDAP_BUILDER_TAG=2.4.46-fips
 
diff --git a/ubi-ruby-builder/Dockerfile b/ubi-ruby-builder/Dockerfile
@@ -7,7 +7,7 @@ ARG RUBY_FULL_VERSION
 FROM registry.access.redhat.com/$UBI_VERSION/ubi
 ARG RUBY_MAJOR_VERSION
 ARG RUBY_FULL_VERSION
-ARG RUBY_SHA256=9afc6380a027a4fe1ae1a3e2eccb6b497b9c5ac0631c12ca56f9b7beb4848776
+ARG RUBY_SHA256=6e6cbd490030d7910c0ff20edefab4294dfcd1046f0f8f47f78b597987ac683e
 
 RUN yum -y clean all && yum -y makecache && yum -y update
 
diff --git a/ubi-ruby-builder/build.sh b/ubi-ruby-builder/build.sh
@@ -4,7 +4,7 @@ cd "$(dirname "$0")"
 
 UBI_VERSION=ubi8
 RUBY_MAJOR_VERSION=3.0
-RUBY_FULL_VERSION=3.0.5
+RUBY_FULL_VERSION=3.0.6
 
 docker build -t ubi-ruby-builder:"$RUBY_FULL_VERSION-fips" \
   --build-arg UBI_VERSION="$UBI_VERSION" \
diff --git a/ubi-ruby-fips/Description.md b/ubi-ruby-fips/Description.md
@@ -4,7 +4,7 @@
 This image includes the following packages:
 
 * OpenSSL version `1.1.1k`: with FIPS 140-2 compliant OpenSSL module from RedHat UBI 8.
-* Ruby version `3.0.5`: compiled against the FIPS 140-2 compliant OpenSSL module.
+* Ruby version `3.0.6`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Postgres client version `10-10.16`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Bundler version `2.2.33`.
  
diff --git a/ubi-ruby-fips/README.md b/ubi-ruby-fips/README.md
@@ -2,7 +2,7 @@
 This container image includes UBI version `8` which contains the following packages:
 
 * OpenSSL version `1.1.1k`: with FIPS 140-2 compliant OpenSSL module from RedHat UBI 8.
-* Ruby version `3.0.5`: compiled against the FIPS 140-2 compliant OpenSSL module.
+* Ruby version `3.0.6`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Postgres client version `10-10.16`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Bundler version `2.2.33`.
  
diff --git a/ubi-ruby-fips/build.sh b/ubi-ruby-fips/build.sh
@@ -3,7 +3,7 @@
 cd "$(dirname "$0")"
 
 UBI_VERSION=ubi8
-RUBY_BUILDER_TAG=3.0.5-fips
+RUBY_BUILDER_TAG=3.0.6-fips
 
 docker build -t ubi-ruby-fips:latest \
   --build-arg UBI_VERSION="$UBI_VERSION" \
diff --git a/ubuntu-ruby-builder/Dockerfile b/ubuntu-ruby-builder/Dockerfile
@@ -11,7 +11,7 @@ FROM openssl-builder:$OPENSSL_BUILDER_TAG as OpenSSL-builder
 FROM ubuntu:$UBUNTU_VERSION
 ARG RUBY_MAJOR_VERSION
 ARG RUBY_FULL_VERSION
-ARG RUBY_SHA256=9afc6380a027a4fe1ae1a3e2eccb6b497b9c5ac0631c12ca56f9b7beb4848776
+ARG RUBY_SHA256=6e6cbd490030d7910c0ff20edefab4294dfcd1046f0f8f47f78b597987ac683e
 
 ENV LD_LIBRARY_PATH="/usr/local/ssl/lib"
 
diff --git a/ubuntu-ruby-builder/build.sh b/ubuntu-ruby-builder/build.sh
@@ -5,7 +5,7 @@ cd "$(dirname "$0")"
 REPO_ROOT="$(git rev-parse --show-toplevel)"
 UBUNTU_VERSION=20.04
 RUBY_MAJOR_VERSION=3.0
-RUBY_FULL_VERSION=3.0.5
+RUBY_FULL_VERSION=3.0.6
 
 docker build -t ubuntu-ruby-builder:"$RUBY_FULL_VERSION-fips" \
   --build-arg UBUNTU_VERSION="$UBUNTU_VERSION" \
diff --git a/ubuntu-ruby-fips/Description.md b/ubuntu-ruby-fips/Description.md
@@ -4,7 +4,7 @@
 This image includes the following packages:
 
 * OpenSSL version `1.0.2zg`: built by SafeLogic to be FIPS-compliant.
-* Ruby version `3.0.5`: compiled against the FIPS 140-2 compliant OpenSSL module.
+* Ruby version `3.0.6`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Postgres client version `10-10.16`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Bundler version `2.2.33`.
 
diff --git a/ubuntu-ruby-fips/README.md b/ubuntu-ruby-fips/README.md
@@ -2,7 +2,7 @@
 This container image includes Ubuntu version `20.04` which contains the following packages:
 
 * OpenSSL version `1.0.2zg`: built by SafeLogic to be FIPS compliant.
-* Ruby version `3.0.5`: compiled against the FIPS 140-2 compliant OpenSSL module.
+* Ruby version `3.0.6`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Postgres client version `10-10.16`: compiled against the FIPS 140-2 compliant OpenSSL module.
 * Bundler version `2.2.33`.
  
diff --git a/ubuntu-ruby-fips/build.sh b/ubuntu-ruby-fips/build.sh
@@ -4,7 +4,7 @@ cd "$(dirname "$0")"
 
 REPO_ROOT="$(git rev-parse --show-toplevel)"
 UBUNTU_VERSION=20.04
-RUBY_BUILDER_TAG=3.0.5-fips
+RUBY_BUILDER_TAG=3.0.6-fips
 PG_BUILDER_TAG=10-10.16-fips
 
 docker build -t ubuntu-ruby-fips:latest \
