From e3130d5731d499dbd85d1f9e8196ab1e62d4cc69 Mon Sep 17 00:00:00 2001 From: Johan Kumps Date: Wed, 10 Jan 2024 18:45:58 +0100 Subject: [PATCH] Upgrade base image + upgrade librarties fixing critical and high CVE issues --- admin-ui/Dockerfile | 2 +- admin-ui/pom.xml | 4 ++-- knowledge-directory/Dockerfile | 2 +- knowledge-directory/pom.xml | 4 ++-- smart-connector-rest-dist/Dockerfile | 9 ++++++++- smart-connector-rest-server/pom.xml | 4 ++-- smart-connector/pom.xml | 2 +- 7 files changed, 17 insertions(+), 10 deletions(-) diff --git a/admin-ui/Dockerfile b/admin-ui/Dockerfile index bc7f59c1d..4caf48430 100644 --- a/admin-ui/Dockerfile +++ b/admin-ui/Dockerfile @@ -1,4 +1,4 @@ -FROM eclipse-temurin:17 +FROM eclipse-temurin:21-alpine LABEL org.opencontainers.image.source https://github.com/tno/knowledge-engine LABEL org.opencontainers.image.description="Knowledge Engine: Admin UI" LABEL org.opencontainers.image.licenses=Apache-2.0 diff --git a/admin-ui/pom.xml b/admin-ui/pom.xml index 570a3c6e1..dc97ccb59 100644 --- a/admin-ui/pom.xml +++ b/admin-ui/pom.xml @@ -14,10 +14,10 @@ A user interface for managing a Knowledge Network. - 1.5.18 + 1.6.12 9.4.51.v20230217 2.34 - 2.9.9 + 2.16.1 UTF-8 diff --git a/knowledge-directory/Dockerfile b/knowledge-directory/Dockerfile index 830ec0f49..b507e577c 100644 --- a/knowledge-directory/Dockerfile +++ b/knowledge-directory/Dockerfile @@ -1,4 +1,4 @@ -FROM eclipse-temurin:17 +FROM eclipse-temurin:21-alpine LABEL org.opencontainers.image.source https://github.com/tno/knowledge-engine LABEL org.opencontainers.image.description="Knowledge Engine: Knowledge Directory" LABEL org.opencontainers.image.licenses=Apache-2.0 diff --git a/knowledge-directory/pom.xml b/knowledge-directory/pom.xml index b630a1a88..cc81759fb 100644 --- a/knowledge-directory/pom.xml +++ b/knowledge-directory/pom.xml @@ -14,11 +14,11 @@ - 1.5.18 + 1.6.12 1.1.0.Final 9.4.51.v20230217 2.35 - 2.9.9 + 2.16.1 4.13.1 1.1.7 4.0.1 
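Review bot: The new base `eclipse-temurin:21-alpine` is the full JDK image under a floating tag, on the `FROM` line of admin-ui/Dockerfile and identically in knowledge-directory/Dockerfile and smart-connector-rest-dist/Dockerfile. Because the commit is meant to clear critical and high CVE findings, a JRE-only base pinned by digest would shrink the package surface a scanner reports on and ensure the image that was scanned is the one that gets built, e.g. `FROM eclipse-temurin:21-jre-alpine@sha256:<digest-placeholder>`. The move from the glibc-based 17 image to Alpine (musl) and Java 21 also deserves a short comment above `FROM`, since any dependency that loads native code may behave differently. Nothing in the visible hunks shows whether that applies here.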
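Review bot: Only the `FROM` line changes in knowledge-directory/Dockerfile and in admin-ui/Dockerfile, so neither gains the non-root `USER 65534` that this commit adds to smart-connector-rest-dist/Dockerfile. Unless a `USER` instruction already exists below line 4 of those files (outside the hunks), both images still start their process as root. Adding `USER 65534` after the last instruction that needs root in each file, with the same comment about Kubernetes needing a numeric uid, would make the three images consistent.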
diff --git a/smart-connector-rest-dist/Dockerfile b/smart-connector-rest-dist/Dockerfile index 00dd685c2..bca11501e 100644 --- a/smart-connector-rest-dist/Dockerfile +++ b/smart-connector-rest-dist/Dockerfile @@ -1,4 +1,4 @@ -FROM eclipse-temurin:17 +FROM eclipse-temurin:21-alpine LABEL org.opencontainers.image.source https://github.com/tno/knowledge-engine LABEL org.opencontainers.image.description="Knowledge Engine: Smart Connector (with HTTP API)" LABEL org.opencontainers.image.licenses=Apache-2.0 @@ -8,6 +8,13 @@ ARG JAR_FILE=target/*-with-dependencies.jar # Copy the jar in a single directory COPY ${JAR_FILE} /knowledge_engine/knowledge-engine.jar +# Make sure files/folders needed by the processes are accessable when they run under the nobody user +RUN chown -R nobody /knowledge_engine + +# Switch to use a non-root user from here on +# Use uid of nobody user (65534) because kubernetes expects numeric user when applying pod security policies +USER 65534 + EXPOSE 8280 # Add that directory to the class path. diff --git a/smart-connector-rest-server/pom.xml b/smart-connector-rest-server/pom.xml index e5e865935..f68a21e29 100644 --- a/smart-connector-rest-server/pom.xml +++ b/smart-connector-rest-server/pom.xml @@ -11,10 +11,10 @@ - 1.5.18 + 1.6.12 9.4.51.v20230217 2.35 - 2.9.9 + 2.16.1 UTF-8 diff --git a/smart-connector/pom.xml b/smart-connector/pom.xml index 388ea4022..8062fa439 100644 --- a/smart-connector/pom.xml +++ b/smart-connector/pom.xml @@ -179,7 +179,7 @@ 1.5.18 2.35 4.0.1 - 2.9.9 + 2.16.1
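Review bot: `RUN chown -R nobody /knowledge_engine` in the second hunk of smart-connector-rest-dist/Dockerfile makes the application jar writable by the same account that runs it, so a process compromised at runtime could modify knowledge-engine.jar. The jar only needs to be readable. If nothing writes under /knowledge_engine, drop the `RUN chown` line and leave the files root-owned, which also avoids duplicating the layer. The entrypoint is outside this hunk, so whether anything writes there is not visible here. If a writable location is needed, chown only a dedicated subdirectory. `USER 65534:65534` would also make the group explicit rather than relying on the base image's passwd entry for uid 65534.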