Skip to content

Commit fd74a6a

Browse files
pengzhoumlpengzhouml
authored
CLD-906: Update the version of 3rd party images to Resolve High/Critical Severity Vulnerabilities (#162)
* update curlimages/curl version to 8.4.0 to fix hign severity security vulnerability * update fluent-bit version to 2.1.10 to resolve critical security issue * update template test for image version change
1 parent 53bb622 commit fd74a6a

File tree

3 files changed

+5
-5
lines changed

3 files changed

+5
-5
lines changed

README.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -114,7 +114,7 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
114114
| `image.tag` | Image tag for MarkLogic image | `11.0.3-centos-1.0.2` |
115115
| `image.pullPolicy` | Image pull policy for MarkLogic image | `IfNotPresent` |
116116
| `initContainerImage.repository` | Repository for initContainer image | `curlimages/curl` |
117-
| `initContainerImage.tag` | Image tag for initContainer image | `7.87.0` |
117+
| `initContainerImage.tag` | Image tag for initContainer image | `8.4.0` |
118118
| `initContainerImage.pullPolicy` | Pull policy for initContainer image | `IfNotPresent` |
119119
| `imagePullSecrets` | Registry secret names as an array | `[]` |
120120
| `resources` | The resource requests and limits for MarkLogic container | `{}` |
@@ -172,7 +172,7 @@ Following table lists all the parameters supported by the latest MarkLogic Helm
172172
| `startupProbe.failureThreshold` | Failure threshold for startup probe | `30` |
173173
| `startupProbe.successThreshold` | Success threshold for startup probe | `1` |
174174
| `logCollection.enabled` | Parameter to enable cluster wide log collection of Marklogic server logs | `false` |
175-
| `logCollection.image` | Image repository and tag for fluent-bit container | `fluent/fluent-bit:2.0.6` |
175+
| `logCollection.image` | Image repository and tag for fluent-bit container | `fluent/fluent-bit:2.1.10` |
176176
| `logCollection.resources.requests.cpu` | The requested cpu resource for the fluent-bit container | `100m` |
177177
| `logCollection.resources.requests.memory` | The requested memory resource for the fluent-bit container | `128Mi` |
178178
| `logCollection.resources.limits.cpu` | The cpu resource limit for the fluent-bit container | `100m` |

charts/values.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@ image:
3434
## Init container image parameters
3535
initContainerImage:
3636
repository: curlimages/curl
37-
tag: 7.87.0
37+
tag: 8.4.0
3838
pullPolicy: IfNotPresent
3939

4040
## Configure the imagePullSecrets to pull the image from private repository that requires credential
@@ -282,7 +282,7 @@ startupProbe:
282282
## And export them to a logging backend specified in the outputs section below
283283
logCollection:
284284
enabled: false
285-
image: fluent/fluent-bit:2.0.6
285+
image: fluent/fluent-bit:2.1.10
286286
resources:
287287
requests:
288288
cpu: "100m"

test/template/template_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -85,7 +85,7 @@ func TestChartTemplateLogCollection(t *testing.T) {
8585

8686
// Verify the image matches
8787
expectedImage1 := "marklogicdb/marklogic-db:latest"
88-
expectedImage2 := "fluent/fluent-bit:2.0.6"
88+
expectedImage2 := "fluent/fluent-bit:2.1.10"
8989

9090
statefulSetContainers := statefulset.Spec.Template.Spec.Containers
9191
require.Equal(t, len(statefulSetContainers), 2)

0 commit comments

Comments
 (0)