Skip to content

Commit b5acf4d

Browse files
committed
fix(controlplane): upgrade Atlas image to fix critical gRPC CVE
Upgrade Atlas from v1.1.7-0f00ade-canary to v1.1.7-2e53571-canary which ships google.golang.org/grpc v1.79.3+, fixing GHSA-p77j-4mvh-x3m3 (Critical, CVSS 9.1) — gRPC-Go authorization bypass via missing leading slash in :path header. Closes #2941 Signed-off-by: Miguel Martinez Trivino <miguel@chainloop.dev>
1 parent 62867c0 commit b5acf4d

1 file changed

Lines changed: 4 additions & 4 deletions

File tree

app/controlplane/Dockerfile.migrations

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,9 @@
11
# Container image built by go-releaser that's used to run migrations against the database during deployment
22
# See https://atlasgo.io/guides/deploying/image
3-
# from: arigaio/atlas:v1.1.7-0f00ade-canary
4-
# docker run arigaio/atlas@sha256:cbeb45f5342e8e614a60a7ffa355973e5c45f8a8529651c36b9a8ec7e9337d02 version
5-
# atlas version v1.1.7-0f00ade-canary
6-
FROM arigaio/atlas@sha256:cbeb45f5342e8e614a60a7ffa355973e5c45f8a8529651c36b9a8ec7e9337d02 as base
3+
# from: arigaio/atlas:v1.1.7-2e53571-canary
4+
# docker run arigaio/atlas@sha256:7f36d26819623b7a52b6e9c0aebf40891623baf349e1b1c38580dd6ebf2b32c3 version
5+
# atlas version v1.1.7-2e53571-canary
6+
FROM arigaio/atlas@sha256:7f36d26819623b7a52b6e9c0aebf40891623baf349e1b1c38580dd6ebf2b32c3 as base
77

88
FROM scratch
99
# Update permissions to make it readable by the user

0 commit comments

Comments
 (0)