This is an automated email from the ASF dual-hosted git repository.

ricardozanini pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-kie-tools.git


The following commit(s) were added to refs/heads/main by this push:
     new da64251dca4 NO-ISSUE: Fix security issues on images (#2829)
da64251dca4 is described below

commit da64251dca45b09c29b306f3be61dad1b5124f10
Author: Ricardo Zanini <1538000+ricardozan...@users.noreply.github.com>
AuthorDate: Thu Jan 9 14:06:32 2025 -0500

    NO-ISSUE: Fix security issues on images (#2829)
    
    Signed-off-by: Ricardo Zanini <ricardozan...@gmail.com>
---
 .../sonataflow-greeting/src/main/resources/application.properties     | 2 +-
 packages/cors-proxy-image/Containerfile                               | 2 +-
 packages/dashbuilder-viewer-image/Containerfile                       | 2 +-
 packages/dev-deployment-base-image/README.md                          | 4 ++--
 packages/dev-deployment-base-image/env/index.js                       | 2 +-
 packages/dev-deployment-dmn-form-webapp-image/Containerfile           | 2 +-
 .../dev/Containerfile.ddus-buildtime-install                          | 2 +-
 .../dev-deployment-upload-service/dev/Containerfile.ddus-fileserver   | 2 +-
 .../dev/Containerfile.ddus-runtime-install                            | 2 +-
 packages/kie-sandbox-extended-services-image/env/index.js             | 2 +-
 packages/kie-sandbox-webapp-image/Containerfile                       | 2 +-
 .../resources/incubator-kie-kogito-base-builder-image.yaml            | 2 +-
 .../resources/incubator-kie-kogito-data-index-ephemeral-image.yaml    | 2 +-
 .../resources/incubator-kie-kogito-data-index-postgresql-image.yaml   | 2 +-
 .../resources/incubator-kie-kogito-jit-runner-image.yaml              | 2 +-
 .../resources/incubator-kie-kogito-jobs-service-allinone-image.yaml   | 2 +-
 .../resources/incubator-kie-kogito-jobs-service-ephemeral-image.yaml  | 2 +-
 .../resources/incubator-kie-kogito-jobs-service-postgresql-image.yaml | 2 +-
 packages/kogito-management-console/Containerfile                      | 2 +-
 packages/maven-m2-repo-via-http-image/Containerfile                   | 2 +-
 .../resources/incubator-kie-sonataflow-builder-image.yaml             | 4 ++--
 .../resources/incubator-kie-sonataflow-devmode-image.yaml             | 4 ++--
 .../resources/incubator-kie-sonataflow-management-console-image.yaml  | 2 +-
 packages/sonataflow-operator/images/manager.yaml                      | 2 +-
 24 files changed, 27 insertions(+), 27 deletions(-)

diff --git 
a/examples/sonataflow-greeting/src/main/resources/application.properties 
b/examples/sonataflow-greeting/src/main/resources/application.properties
index ce9b26ac3ce..f0030b12430 100644
--- a/examples/sonataflow-greeting/src/main/resources/application.properties
+++ b/examples/sonataflow-greeting/src/main/resources/application.properties
@@ -28,5 +28,5 @@ quarkus.native.native-image-xmx=8g
 %container.quarkus.container-image.registry=dev.local
 %container.quarkus.container-image.tag=1.0-SNAPSHOT
 %container.quarkus.jib.jvm-entrypoint=/home/kogito/kogito-app-launch.sh
-%container.quarkus.jib.base-jvm-image=registry.access.redhat.com/ubi9/openjdk-17:1.20
+%container.quarkus.jib.base-jvm-image=registry.access.redhat.com/ubi9/openjdk-17:1.21
 %container.quarkus.jib.working-directory=/home/kogito/bin
diff --git a/packages/cors-proxy-image/Containerfile 
b/packages/cors-proxy-image/Containerfile
index f7ca5372f04..a17e9775111 100644
--- a/packages/cors-proxy-image/Containerfile
+++ b/packages/cors-proxy-image/Containerfile
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.5
 
 ARG CORS_PROXY_DEFAULT_PORT=8080
 ARG CORS_PROXY_DEFAULT_ORIGIN=*
diff --git a/packages/dashbuilder-viewer-image/Containerfile 
b/packages/dashbuilder-viewer-image/Containerfile
index fcc4531b36b..990aabc0f0e 100644
--- a/packages/dashbuilder-viewer-image/Containerfile
+++ b/packages/dashbuilder-viewer-image/Containerfile
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.5
 
 RUN microdnf --disableplugin=subscription-manager -y install httpd \
   && microdnf --disableplugin=subscription-manager clean all \
diff --git a/packages/dev-deployment-base-image/README.md 
b/packages/dev-deployment-base-image/README.md
index 1e1d0b5ea97..bea7e8a78f8 100644
--- a/packages/dev-deployment-base-image/README.md
+++ b/packages/dev-deployment-base-image/README.md
@@ -21,9 +21,9 @@ Docker image with Java and Maven, as well as the 
dev-deployment-upload-service b
 
 ## Build arguments
 
-- `BUILDER_IMAGE_ARG`: The base image used for building this image (defaults 
to `registry.access.redhat.com/ubi9/openjdk-17:1.20`).
+- `BUILDER_IMAGE_ARG`: The base image used for building this image (defaults 
to `registry.access.redhat.com/ubi9/openjdk-17:1.21`).
   - Tested with:
-    - registry.access.redhat.com/ubi9/openjdk-17:1.20
+    - registry.access.redhat.com/ubi9/openjdk-17:1.21
     - icr.io/appcafe/ibm-semeru-runtimes:open-17-jdk-ubi-minimal
 
 ## Environment variables
diff --git a/packages/dev-deployment-base-image/env/index.js 
b/packages/dev-deployment-base-image/env/index.js
index 6970faab87a..3fa07d5b047 100644
--- a/packages/dev-deployment-base-image/env/index.js
+++ b/packages/dev-deployment-base-image/env/index.js
@@ -24,7 +24,7 @@ const rootEnv = require("@kie-tools/root-env/env");
 module.exports = composeEnv([rootEnv], {
   vars: varsWithName({
     DEV_DEPLOYMENT_BASE_IMAGE__builderImage: {
-      default: "registry.access.redhat.com/ubi9/openjdk-17:1.20",
+      default: "registry.access.redhat.com/ubi9/openjdk-17:1.21",
       description: "The image used in the FROM import.",
     },
     DEV_DEPLOYMENT_BASE_IMAGE__userId: {
diff --git a/packages/dev-deployment-dmn-form-webapp-image/Containerfile 
b/packages/dev-deployment-dmn-form-webapp-image/Containerfile
index 55e5c8e0366..3f775fc49c7 100644
--- a/packages/dev-deployment-dmn-form-webapp-image/Containerfile
+++ b/packages/dev-deployment-dmn-form-webapp-image/Containerfile
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.5
 
 ARG DEV_DEPLOYMENT_DMN_FORM_WEBAPP_DEFAULT_PORT=8081
 
diff --git 
a/packages/dev-deployment-upload-service/dev/Containerfile.ddus-buildtime-install
 
b/packages/dev-deployment-upload-service/dev/Containerfile.ddus-buildtime-install
index edc61a9a30f..03436d8db05 100644
--- 
a/packages/dev-deployment-upload-service/dev/Containerfile.ddus-buildtime-install
+++ 
b/packages/dev-deployment-upload-service/dev/Containerfile.ddus-buildtime-install
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5
 
 ARG DDUS_FILESERVER_IP=""
 ARG DDUS_VERSION="0.0.0"
diff --git 
a/packages/dev-deployment-upload-service/dev/Containerfile.ddus-fileserver 
b/packages/dev-deployment-upload-service/dev/Containerfile.ddus-fileserver
index 317871ea51c..b7a1b09e7b5 100644
--- a/packages/dev-deployment-upload-service/dev/Containerfile.ddus-fileserver
+++ b/packages/dev-deployment-upload-service/dev/Containerfile.ddus-fileserver
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5
 
 ARG DDUS_VERSION="0.0.0"
 
diff --git 
a/packages/dev-deployment-upload-service/dev/Containerfile.ddus-runtime-install 
b/packages/dev-deployment-upload-service/dev/Containerfile.ddus-runtime-install
index 9a1257528da..38a7768ad57 100644
--- 
a/packages/dev-deployment-upload-service/dev/Containerfile.ddus-runtime-install
+++ 
b/packages/dev-deployment-upload-service/dev/Containerfile.ddus-runtime-install
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5
 
 ENV DDUS_FILESERVER_IP=""
 ENV DDUS_VERSION="0.0.0"
diff --git a/packages/kie-sandbox-extended-services-image/env/index.js 
b/packages/kie-sandbox-extended-services-image/env/index.js
index 01b4f7303cc..fa256c27be7 100644
--- a/packages/kie-sandbox-extended-services-image/env/index.js
+++ b/packages/kie-sandbox-extended-services-image/env/index.js
@@ -28,7 +28,7 @@ const {
 module.exports = composeEnv([rootEnv], {
   vars: varsWithName({
     KIE_SANDBOX_EXTENDED_SERVICES__builderImage: {
-      default: "registry.access.redhat.com/ubi9/openjdk-17:1.20",
+      default: "registry.access.redhat.com/ubi9/openjdk-17:1.21",
       description: "The image used in the FROM import.",
     },
     KIE_SANDBOX_EXTENDED_SERVICES__imageRegistry: {
diff --git a/packages/kie-sandbox-webapp-image/Containerfile 
b/packages/kie-sandbox-webapp-image/Containerfile
index b581a0dcfdc..4470454d014 100644
--- a/packages/kie-sandbox-webapp-image/Containerfile
+++ b/packages/kie-sandbox-webapp-image/Containerfile
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.5
 
 ARG KIE_SANDBOX_DEFAULT_PORT=8080
 
diff --git 
a/packages/kogito-base-builder-image/resources/incubator-kie-kogito-base-builder-image.yaml
 
b/packages/kogito-base-builder-image/resources/incubator-kie-kogito-base-builder-image.yaml
index 627f891be91..49b09efd8a8 100644
--- 
a/packages/kogito-base-builder-image/resources/incubator-kie-kogito-base-builder-image.yaml
+++ 
b/packages/kogito-base-builder-image/resources/incubator-kie-kogito-base-builder-image.yaml
@@ -20,7 +20,7 @@ schema_version: 1
 
 name: "docker.io/apache/incubator-kie-kogito-base-builder"
 version: "main"
-from: "registry.access.redhat.com/ubi8/openjdk-17:1.19"
+from: "registry.access.redhat.com/ubi8/openjdk-17:1.21"
 description: "Image with JDK and Maven, used as a base image. It is used by 
Web Tools !"
 
 labels:
diff --git 
a/packages/kogito-data-index-ephemeral-image/resources/incubator-kie-kogito-data-index-ephemeral-image.yaml
 
b/packages/kogito-data-index-ephemeral-image/resources/incubator-kie-kogito-data-index-ephemeral-image.yaml
index a84340f07a5..e7b34795a3b 100644
--- 
a/packages/kogito-data-index-ephemeral-image/resources/incubator-kie-kogito-data-index-ephemeral-image.yaml
+++ 
b/packages/kogito-data-index-ephemeral-image/resources/incubator-kie-kogito-data-index-ephemeral-image.yaml
@@ -18,7 +18,7 @@
 #
 name: "docker.io/apache/incubator-kie-kogito-data-index-ephemeral"
 version: "main"
-from: "registry.access.redhat.com/ubi8/openjdk-17-runtime:1.20"
+from: "registry.access.redhat.com/ubi8/openjdk-17-runtime:1.21"
 description: "Runtime image for Kogito Data Index Service for ephemeral 
PostgreSQL persistence provider"
 
 labels:
diff --git 
a/packages/kogito-data-index-postgresql-image/resources/incubator-kie-kogito-data-index-postgresql-image.yaml
 
b/packages/kogito-data-index-postgresql-image/resources/incubator-kie-kogito-data-index-postgresql-image.yaml
index cf4c8027420..0c92ea2332f 100644
--- 
a/packages/kogito-data-index-postgresql-image/resources/incubator-kie-kogito-data-index-postgresql-image.yaml
+++ 
b/packages/kogito-data-index-postgresql-image/resources/incubator-kie-kogito-data-index-postgresql-image.yaml
@@ -20,7 +20,7 @@ schema_version: 1
 
 name: "docker.io/apache/incubator-kie-kogito-data-index-postgresql"
 version: "main"
-from: "registry.access.redhat.com/ubi8/openjdk-17-runtime:1.20"
+from: "registry.access.redhat.com/ubi8/openjdk-17-runtime:1.21"
 description: "Runtime image for Kogito Data Index Service for PostgreSQL 
persistence provider"
 
 labels:
diff --git 
a/packages/kogito-jit-runner-image/resources/incubator-kie-kogito-jit-runner-image.yaml
 
b/packages/kogito-jit-runner-image/resources/incubator-kie-kogito-jit-runner-image.yaml
index 323a6cc1d50..02ae0bf09bd 100644
--- 
a/packages/kogito-jit-runner-image/resources/incubator-kie-kogito-jit-runner-image.yaml
+++ 
b/packages/kogito-jit-runner-image/resources/incubator-kie-kogito-jit-runner-image.yaml
@@ -20,7 +20,7 @@ schema_version: 1
 
 name: "docker.io/apache/incubator-kie-kogito-jit-runner"
 version: "main"
-from: "registry.access.redhat.com/ubi8/openjdk-17-runtime:1.20"
+from: "registry.access.redhat.com/ubi8/openjdk-17-runtime:1.21"
 description: "Runtime image for Kogito JIT Runner"
 
 labels:
diff --git 
a/packages/kogito-jobs-service-allinone-image/resources/incubator-kie-kogito-jobs-service-allinone-image.yaml
 
b/packages/kogito-jobs-service-allinone-image/resources/incubator-kie-kogito-jobs-service-allinone-image.yaml
index 03a41ec9d9d..b0bd0a71fb3 100644
--- 
a/packages/kogito-jobs-service-allinone-image/resources/incubator-kie-kogito-jobs-service-allinone-image.yaml
+++ 
b/packages/kogito-jobs-service-allinone-image/resources/incubator-kie-kogito-jobs-service-allinone-image.yaml
@@ -20,7 +20,7 @@ schema_version: 1
 
 name: "docker.io/apache/incubator-kie-kogito-jobs-service-ephemeral"
 version: "main"
-from: "registry.access.redhat.com/ubi8/openjdk-17-runtime:1.20"
+from: "registry.access.redhat.com/ubi8/openjdk-17-runtime:1.21"
 description: "Runtime image for Kogito Jobs Service with all available jdbc 
providers"
 
 labels:
diff --git 
a/packages/kogito-jobs-service-ephemeral-image/resources/incubator-kie-kogito-jobs-service-ephemeral-image.yaml
 
b/packages/kogito-jobs-service-ephemeral-image/resources/incubator-kie-kogito-jobs-service-ephemeral-image.yaml
index e9b17647ad7..9adabc4967d 100644
--- 
a/packages/kogito-jobs-service-ephemeral-image/resources/incubator-kie-kogito-jobs-service-ephemeral-image.yaml
+++ 
b/packages/kogito-jobs-service-ephemeral-image/resources/incubator-kie-kogito-jobs-service-ephemeral-image.yaml
@@ -20,7 +20,7 @@ schema_version: 1
 
 name: "docker.io/apache/incubator-kie-kogito-jobs-service-ephemeral"
 version: "main"
-from: "registry.access.redhat.com/ubi8/openjdk-17-runtime:1.20"
+from: "registry.access.redhat.com/ubi8/openjdk-17-runtime:1.21"
 description: "Runtime image for Kogito in memory Jobs Service"
 
 labels:
diff --git 
a/packages/kogito-jobs-service-postgresql-image/resources/incubator-kie-kogito-jobs-service-postgresql-image.yaml
 
b/packages/kogito-jobs-service-postgresql-image/resources/incubator-kie-kogito-jobs-service-postgresql-image.yaml
index 06ac396d1cb..2f7e9844ff7 100644
--- 
a/packages/kogito-jobs-service-postgresql-image/resources/incubator-kie-kogito-jobs-service-postgresql-image.yaml
+++ 
b/packages/kogito-jobs-service-postgresql-image/resources/incubator-kie-kogito-jobs-service-postgresql-image.yaml
@@ -20,7 +20,7 @@ schema_version: 1
 
 name: "docker.io/apache/incubator-kie-kogito-jobs-service-postgresql"
 version: "main"
-from: "registry.access.redhat.com/ubi8/openjdk-17-runtime:1.20"
+from: "registry.access.redhat.com/ubi8/openjdk-17-runtime:1.21"
 description: "Runtime image for Kogito Jobs Service based on Postgresql"
 
 labels:
diff --git a/packages/kogito-management-console/Containerfile 
b/packages/kogito-management-console/Containerfile
index e58ae32a702..2c2440d5a0f 100644
--- a/packages/kogito-management-console/Containerfile
+++ b/packages/kogito-management-console/Containerfile
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.5
 
 ARG KOGITO_MANAGEMENT_CONSOLE_PORT=8080
 
diff --git a/packages/maven-m2-repo-via-http-image/Containerfile 
b/packages/maven-m2-repo-via-http-image/Containerfile
index 214b9e3164f..88c1053f8c6 100644
--- a/packages/maven-m2-repo-via-http-image/Containerfile
+++ b/packages/maven-m2-repo-via-http-image/Containerfile
@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.4
+FROM --platform=linux/amd64 registry.access.redhat.com/ubi9/ubi-minimal:9.5
 
 # Argument for configuring the port
 ARG PORT=80
diff --git 
a/packages/sonataflow-builder-image/resources/incubator-kie-sonataflow-builder-image.yaml
 
b/packages/sonataflow-builder-image/resources/incubator-kie-sonataflow-builder-image.yaml
index 5955cbad3a6..13de03b566b 100644
--- 
a/packages/sonataflow-builder-image/resources/incubator-kie-sonataflow-builder-image.yaml
+++ 
b/packages/sonataflow-builder-image/resources/incubator-kie-sonataflow-builder-image.yaml
@@ -17,7 +17,7 @@
 # under the License.
 #
 - name: builder
-  from: "registry.access.redhat.com/ubi8/openjdk-17:1.19"
+  from: "registry.access.redhat.com/ubi8/openjdk-17:1.21"
   version: "main"
   modules:
     repositories:
@@ -34,7 +34,7 @@
       - name: org.kie.sonataflow.common.build
 
 - name: "docker.io/apache/incubator-kie-sonataflow-builder"
-  from: "registry.access.redhat.com/ubi8/openjdk-17:1.19"
+  from: "registry.access.redhat.com/ubi8/openjdk-17:1.21"
   version: "main"
   description: "Kogito Serverless Workflow base builder with Quarkus 
extensions libraries preinstalled"
 
diff --git 
a/packages/sonataflow-devmode-image/resources/incubator-kie-sonataflow-devmode-image.yaml
 
b/packages/sonataflow-devmode-image/resources/incubator-kie-sonataflow-devmode-image.yaml
index 8bd15fb6bfd..129498f7d80 100644
--- 
a/packages/sonataflow-devmode-image/resources/incubator-kie-sonataflow-devmode-image.yaml
+++ 
b/packages/sonataflow-devmode-image/resources/incubator-kie-sonataflow-devmode-image.yaml
@@ -17,7 +17,7 @@
 # under the License.
 #
 - name: builder
-  from: "registry.access.redhat.com/ubi8/openjdk-17:1.19"
+  from: "registry.access.redhat.com/ubi8/openjdk-17:1.21"
   version: "main"
   modules:
     repositories:
@@ -37,7 +37,7 @@
     manager: microdnf
 
 - name: "docker.io/apache/incubator-kie-sonataflow-devmode"
-  from: "registry.access.redhat.com/ubi8/openjdk-17:1.19"
+  from: "registry.access.redhat.com/ubi8/openjdk-17:1.21"
   version: "main"
   description: "Kogito Serverless Workflow development mode with Quarkus 
extensions libraries preinstalled"
 
diff --git 
a/packages/sonataflow-management-console-image/resources/incubator-kie-sonataflow-management-console-image.yaml
 
b/packages/sonataflow-management-console-image/resources/incubator-kie-sonataflow-management-console-image.yaml
index 01ebf37e650..ee71ccc9acf 100644
--- 
a/packages/sonataflow-management-console-image/resources/incubator-kie-sonataflow-management-console-image.yaml
+++ 
b/packages/sonataflow-management-console-image/resources/incubator-kie-sonataflow-management-console-image.yaml
@@ -17,7 +17,7 @@
 # under the License.
 #
 - name: "docker.io/apache/incubator-kie-sonataflow-devmode"
-  from: "registry.access.redhat.com/ubi9/httpd-24:1-336.1725850633"
+  from: "registry.access.redhat.com/ubi9/httpd-24:9.5"
   version: "0.0.0"
   description: "SonataFlow Management Console Image"
 
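Review bot: The new `from: "registry.access.redhat.com/ubi9/httpd-24:9.5"` replaces a build-specific tag (`1-336.1725850633`) with what appears to be a floating stream tag, so the base image can change between builds without any commit in this repository recording it. That picks up upstream fixes automatically, but it makes the image non-reproducible and makes it harder to tell which base a published image was built from or scanned against. The same applies to the `ubi-micro` line in `packages/sonataflow-operator/images/manager.yaml`, where the `-1731519709` suffix is dropped. If the image descriptor tooling accepts a digest reference, consider keeping the readable tag and pinning the reviewed image, e.g. `from: "registry.access.redhat.com/ubi9/httpd-24:9.5@sha256:<digest-of-reviewed-image>"`, and letting an automated updater propose the bumps.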
diff --git a/packages/sonataflow-operator/images/manager.yaml 
b/packages/sonataflow-operator/images/manager.yaml
index ca60f1df2a6..b8ebd7338c7 100644
--- a/packages/sonataflow-operator/images/manager.yaml
+++ b/packages/sonataflow-operator/images/manager.yaml
@@ -33,7 +33,7 @@
 
 - name: sonataflow-operator
   version: 0.0.0
-  from: "registry.access.redhat.com/ubi9/ubi-micro:9.5-1731519709"
+  from: "registry.access.redhat.com/ubi9/ubi-micro:9.5"
   description: Runtime Image for the Operator
 
   args:

