From 5964726f7e45992aaa0e9fdbde04d9b3ada33816 Mon Sep 17 00:00:00 2001 From: sean wibisono Date: Wed, 25 Feb 2026 13:28:16 +1100 Subject: [PATCH 1/7] update base image to jdk image --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 5fb795c79..7346b0715 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # sha from https://hub.docker.com/layers/library/eclipse-temurin/21-jre-alpine-3.23/images/sha256-693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6 -FROM eclipse-temurin@sha256:693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6 +FROM eclipse-temurin:21-jdk-alpine # For Amazon Corretto Crypto Provider RUN apk add --no-cache gcompat From 6b1cd0c553fbd823a4300f239551e714d6a7511f Mon Sep 17 00:00:00 2001 From: sean wibisono Date: Wed, 25 Feb 2026 13:52:42 +1100 Subject: [PATCH 2/7] add java options for profiling --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 7346b0715..4b594793f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -28,6 +28,7 @@ USER uid2-operator CMD java \ -XX:MaxRAMPercentage=95 -XX:-UseCompressedOops -XX:+PrintFlagsFinal -XX:-OmitStackTraceInFastThrow \ + -XX:+UnlockDiagnosticVMOptions -XX:+DebugNonSafepoints \ -Djava.security.egd=file:/dev/./urandom \ -Dvertx.logger-delegate-factory-class-name=io.vertx.core.logging.SLF4JLogDelegateFactory \ -Dlogback.configurationFile=/app/conf/logback.xml \ From 32512e68689029839762be007057f36f0a3c179e Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Wed, 25 Feb 2026 02:58:45 +0000 Subject: [PATCH 3/7] [CI Pipeline] Released Snapshot version: 5.66.15-alpha-312-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2773ab5e1..2800f87c7 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.66.14 + 5.66.15-alpha-312-SNAPSHOT UTF-8 From 70765f435b864cee067431b945432b0124781434 Mon Sep 17 00:00:00 2001 
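Review bot: The new `FROM eclipse-temurin:21-jdk-alpine` in PATCH 1/7 (and again in PATCH 6/7) replaces a digest-pinned base with a mutable tag, so the image content can change between builds with no change in this repository, and a scan result no longer maps to a known base. Keep the tag for readability and pin it as well, `FROM eclipse-temurin:21-jdk-alpine@sha256:<digest of the reviewed 21-jdk-alpine image>`, refreshing the digest in a dedicated commit. The `# sha from …21-jre-alpine-3.23…` comment above the line still describes the old JRE image and should be updated or removed in the same change. Going by that comment, the runtime image also moves from a JRE to a full JDK, which ships the compiler and JDK tooling to production; if the JDK is only wanted for profiling, a comment should say so.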
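Review bot: `-XX:+UnlockDiagnosticVMOptions -XX:+DebugNonSafepoints` is added to the default `CMD` in PATCH 2/7 without a comment, so every container started from this image runs with diagnostic VM options unlocked, not only the ones being profiled. If the flags are meant for a profiling session, leave the `CMD` as it was and supply them at deploy time through the environment, e.g. `JAVA_TOOL_OPTIONS="-XX:+UnlockDiagnosticVMOptions -XX:+DebugNonSafepoints"`. If they are meant to stay, add a line above the `CMD` such as `# Diagnostic flags: more accurate stack attribution for sampling profilers`. The `CMD` continues past the end of the hunk.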
From: sean wibisono Date: Wed, 25 Feb 2026 14:06:09 +1100 Subject: [PATCH 4/7] try fix vulnerability --- Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4b594793f..3fafd290f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,5 @@ # sha from https://hub.docker.com/layers/library/eclipse-temurin/21-jre-alpine-3.23/images/sha256-693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6 -FROM eclipse-temurin:21-jdk-alpine - +FROM eclipse-temurin@sha256:89517925fa675c6c4b770bee7c44d38a7763212741b0d6fca5a5103caab21a97 # For Amazon Corretto Crypto Provider RUN apk add --no-cache gcompat @@ -23,6 +22,9 @@ COPY ./conf/*.xml /app/conf/ RUN tar xzvf /app/static.tar.gz --no-same-owner --no-same-permissions && rm -f /app/static.tar.gz +# Fix CVE-2025-68973: Update gnupg to patched version +RUN apk update && apk upgrade gnupg && rm -rf /var/cache/apk/* + RUN adduser -D uid2-operator && mkdir -p /opt/uid2 && chmod 777 -R /opt/uid2 && mkdir -p /app && chmod 705 -R /app && mkdir -p /app/file-uploads && chmod 777 -R /app/file-uploads && mkdir -p /app/pod_terminating && chmod 777 -R /app/pod_terminating USER uid2-operator From f10849329de3b96e5c55cae4fabea6760254301a Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Wed, 25 Feb 2026 03:19:40 +0000 Subject: [PATCH 5/7] [CI Pipeline] Released Snapshot version: 5.66.16-alpha-313-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 2800f87c7..3ae867f43 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.66.15-alpha-312-SNAPSHOT + 5.66.16-alpha-313-SNAPSHOT UTF-8 From 12f3958b68682d4898e70cbf1c413ad944a4811a Mon Sep 17 00:00:00 2001 From: sean wibisono Date: Wed, 25 Feb 2026 14:29:14 +1100 Subject: [PATCH 6/7] use latest image and upgrade libraries to try fix more vulnerabilities --- Dockerfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
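Review bot: The digest on the new `FROM` line in the first hunk of PATCH 4/7 (`sha256:89517925fa675c6c4b770bee7c44d38a7763212741b0d6fca5a5103caab21a97`) no longer matches the comment directly above it, which still links to `sha256-693c22ea…` for `21-jre-alpine-3.23`. Nothing in the file now says which tag or variant the pinned image is, so a reviewer cannot check the pin against the registry. Update the comment to the source of the new digest, `# sha from <Docker Hub layer URL for the pinned image>`, or carry the tag on the line itself as `FROM eclipse-temurin:<tag>@sha256:<digest>`.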
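Review bot: `RUN apk update && apk upgrade gnupg && rm -rf /var/cache/apk/*` in the second hunk of PATCH 4/7 (extended to `gnupg gnutls libpng` in PATCH 6/7) never checks that a patched version was installed. `apk upgrade` exits successfully when the repository has nothing newer, so the `# Fix CVE-…` comments can be untrue for a given build. State the minimum version so the build fails otherwise, e.g. `RUN apk add --no-cache --upgrade 'gnupg>=<patched-version>'`, which also removes the need for the separate `apk update` and cache cleanup. The step would sit better next to the existing `RUN apk add --no-cache gcompat` than after the application files are copied. If nothing at run time uses gnupg, removing the package (presumably inherited from the base image) would be the more durable fix, but that cannot be judged from the hunk.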
diff --git a/Dockerfile b/Dockerfile index 3fafd290f..7d209b497 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,4 @@ -# sha from https://hub.docker.com/layers/library/eclipse-temurin/21-jre-alpine-3.23/images/sha256-693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6 -FROM eclipse-temurin@sha256:89517925fa675c6c4b770bee7c44d38a7763212741b0d6fca5a5103caab21a97 +FROM eclipse-temurin:21-jdk-alpine # For Amazon Corretto Crypto Provider RUN apk add --no-cache gcompat @@ -23,7 +22,9 @@ COPY ./conf/*.xml /app/conf/ RUN tar xzvf /app/static.tar.gz --no-same-owner --no-same-permissions && rm -f /app/static.tar.gz # Fix CVE-2025-68973: Update gnupg to patched version -RUN apk update && apk upgrade gnupg && rm -rf /var/cache/apk/* +# Fix CVE-2026-1584: Update gnutls to patched version +# Fix CVE-2026-25646: Update libpng to patched version +RUN apk update && apk upgrade gnupg gnutls libpng && rm -rf /var/cache/apk/* RUN adduser -D uid2-operator && mkdir -p /opt/uid2 && chmod 777 -R /opt/uid2 && mkdir -p /app && chmod 705 -R /app && mkdir -p /app/file-uploads && chmod 777 -R /app/file-uploads && mkdir -p /app/pod_terminating && chmod 777 -R /app/pod_terminating USER uid2-operator From 57e24ece2f10a2fd41c8295a37393f5d93ec75e5 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Wed, 25 Feb 2026 03:35:54 +0000 Subject: [PATCH 7/7] [CI Pipeline] Released Snapshot version: 5.66.17-alpha-314-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 3ae867f43..ff45a03a8 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.66.16-alpha-313-SNAPSHOT + 5.66.17-alpha-314-SNAPSHOT UTF-8