Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

update deps: includes nginx 1.18.0 (addresses CVE-2019-20372 tripping up scanners) #1874

Merged
merged 1 commit into from
Aug 6, 2020
Merged

update deps: includes nginx 1.18.0 (addresses CVE-2019-20372 tripping up scanners) #1874

merged 1 commit into from
Aug 6, 2020

Conversation

tas50
Copy link
Contributor

@tas50 tas50 commented Aug 6, 2020
edited by robbkidd
Loading

The new omnibus-software definition brings in nginx 1.18.0 to resolve CVE-2019-20372

Resolves #1870

Also we have additional ruby-cleanup steps now and smaller deps in many libraries that should result in a slightly smaller supermarket package.

Signed-off-by: Tim Smith tsmith@chef.io

@tas50
Update omnibus/omnibus-software defs to slim package size
5d2960d 
We have additional ruby-cleanup steps now and smaller deps in many
libraries that should result in a slightly smaller supermarket package.

Signed-off-by: Tim Smith <tsmith@chef.io>
@tas50 tas50 changed the title Update omnibus/omnibus-software defs to slim package size Update omnibus lockfile for nginx 1.18.0 / smaller package size Aug 6, 2020
@tas50 tas50 mentioned this pull request Aug 6, 2020
Merged
@robbkidd robbkidd changed the title Update omnibus lockfile for nginx 1.18.0 / smaller package size update omnibus dependencies: includes nginx 1.18.0 & reduces package size Aug 6, 2020
@robbkidd robbkidd changed the title update omnibus dependencies: includes nginx 1.18.0 & reduces package size update deps: includes nginx 1.18.0 & reduces package size Aug 6, 2020
@robbkidd robbkidd changed the title update deps: includes nginx 1.18.0 & reduces package size update deps: includes nginx 1.18.0 (addresses CVE-2019-20372 tripping up scanners) Aug 6, 2020
robbkidd
robbkidd approved these changes Aug 6, 2020
View reviewed changes
Copy link
Contributor

@robbkidd robbkidd left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

tenor-131648807

@robbkidd robbkidd added Aspect: Packaging Distribution of the projects 'compiled' artifacts. Aspect: Security Can an unwanted third party affect the stability or look at privileged information? Type: Chore non-critical maintenance of a project. labels Aug 6, 2020
@robbkidd robbkidd merged commit 0023db8 into master Aug 6, 2020
@robbkidd robbkidd deleted the slim_package branch August 7, 2020 14:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robbkidd robbkidd robbkidd approved these changes

Assignees
No one assigned
Labels
Aspect: Packaging Distribution of the projects 'compiled' artifacts. Aspect: Security Can an unwanted third party affect the stability or look at privileged information? Type: Chore non-critical maintenance of a project.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Nginx version bump ( > 1.17.7) due to CVE-2019-20372
2 participants
@tas50 @robbkidd