@yeikel yeikel commented Nov 28, 2025

What changes did you make? (Give an overview)

Fixes for

  • CVE-2024-58251
  • CVE-2025-46394

See https://github.com/kafbat/kafka-ui/actions/runs/19702244858/job/56441067387

How Has This Been Tested? (put an "x" (case-sensitive!) next to an item)

  • No need to
  • Manually (please, describe, if necessary)
  • Unit checks
  • Integration checks
  • Covered by existing automation

Checklist (put an "x" (case-sensitive!) next to all the items, otherwise the build will fail)

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (e.g. ENVIRONMENT VARIABLES)
  • My changes generate no new warnings (e.g. Sonar is happy)
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged

Check out Contributing and Code of Conduct


@kapybro kapybro bot added status/triage Issues pending maintainers triage status/triage/manual Manual triage in progress status/triage/completed Automatic triage completed and removed status/triage Issues pending maintainers triage labels Nov 28, 2025
@yeikel yeikel marked this pull request as ready for review November 28, 2025 23:14
@yeikel yeikel requested a review from a team as a code owner November 28, 2025 23:14
# 1. Self Documentation: It is difficult to find out what the expected tag is given a sha alone
# 2. Helps dependabot during discovery of upgrades
# We include the SHA to ensure image immutability
FROM azul/zulu-openjdk-alpine:25.0.1-jre-headless@sha256:5499f0c1453d7e7111501b28b21f173b1ec88a48719b7d5b060b0e6461c315b3
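
Review bot: On the FROM line the tag 25.0.1-jre-headless and the sha256 digest are both given, and with both present the image is pulled by digest only, so nothing in the build checks that the tag still names that digest. The comments above the line explain why each is there; consider adding one more comment line saying the tag and digest must be bumped together, and a CI step that fails when the tag no longer resolves to the pinned digest, so the self-documenting tag cannot silently go stale.
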
Collaborator Author

This is the latest version as of now. This pull request is meant to be reverted.

Member

I’d prefer to wait until Zulu updates the image.

Collaborator Author

There hasn't been any update in the last 2 weeks, possibly due to holidays. So, we may be vulnerable for a while.

I'd think we should prioritize security as long as all our integration tests pass.
