Recent OpenSSL advisory had me checking if GAE has us safe. When I ran `apt-get update -y && apt-get upgrade -y` on a freshly deployed app I see there are a lot of packages out-of-date:

```
The following packages will be upgraded:
apt apt-utils base-files binutils binutils-common binutils-x86-64-linux-gnu
ca-certificates cmake cmake-data curl distro-info-data gir1.2-gdkpixbuf-2.0
gir1.2-harfbuzz-0.0 gir1.2-poppler-0.18 git git-man gpgv libapt-pkg6.0
libasn1-8-heimdal libbinutils libctf-nobfd0 libctf0 libcurl3-gnutls libcurl4
libcurl4-openssl-dev libexpat1 libexpat1-dev libfreetype-dev libfreetype6
libfreetype6-dev libgdk-pixbuf2.0-0 libgdk-pixbuf2.0-bin
libgdk-pixbuf2.0-common libgdk-pixbuf2.0-dev libgmp-dev libgmp10
libgmpxx4ldbl libgnutls30 libgssapi-krb5-2 libgssapi3-heimdal
libharfbuzz-dev libharfbuzz-gobject0 libharfbuzz-icu0 libharfbuzz0b
libhcrypto4-heimdal libheimbase1-heimdal libheimntlm0-heimdal
libhx509-5-heimdal libjbig-dev libjbig0 libjpeg-turbo8 libjpeg-turbo8-dev
libk5crypto3 libkrb5-26-heimdal libkrb5-3 libkrb5support0 libmysqlclient-dev
libmysqlclient21 libnss3 libpam-modules libpam-modules-bin libpam-runtime
libpam0g libpcre2-16-0 libpcre2-32-0 libpcre2-8-0 libpcre2-dev
libpcre2-posix2 libperl5.30 libpixman-1-0 libpixman-1-dev libpoppler-dev
libpoppler-glib-dev libpoppler-glib8 libpoppler97 libpq-dev libpq5
libpython3.8 libpython3.8-dev libpython3.8-minimal libpython3.8-stdlib
libroken18-heimdal libsqlite3-0 libsqlite3-dev libssl-dev libssl1.1
libtiff-dev libtiff5 libtiffxx5 libudev1 libwind0-heimdal libxml2
libxml2-dev libxml2-utils libxslt1-dev libxslt1.1 linux-libc-dev login
openssl passwd perl perl-base perl-modules-5.30 python3.8 python3.8-dev
python3.8-minimal tzdata zlib1g zlib1g-dev
109 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 58.8 MB of archives.
After this operation, 227 kB of additional disk space will be used.
```
This is reinforced by the fact that GCP lists the GAE built apps as having many CVEs according to the container registry:
In theory we could direct the generated Dockerfile to use our own base container which we update more often. But that seems like a lot of effort given that the point of GAE is to remove that sort of maintenance.
If the `augmented-base` container ran `apt-get upgrade -y` then every time the app is built and deployed it would get all the latest security updates automatically. Is there a way to make this happen?
It looks like the base container runs `apt-get upgrade` but the generated Dockerfile does not.
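A check that could be run against a built image to catch the situation this issue describes, given here as an added example (not code from the issue or from the GAE project): it parses `apt-get` upgrade output and fails when packages on a watchlist still have upgrades pending. The watchlist, the function names and the trimmed sample output are assumptions made for the example.

```shell
#!/usr/bin/env bash
# Added example (not from the issue): gate a built image on pending apt upgrades.

# Constructed sample: a trimmed excerpt of the apt-get output quoted in the issue.
SAMPLE_APT_OUTPUT='The following packages will be upgraded:
  ca-certificates curl libcurl4 libssl-dev libssl1.1 libxml2 openssl
  python3.8 tzdata zlib1g
10 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.'

# Assumption: packages whose pending upgrade should fail the build (exact names).
WATCHLIST="${WATCHLIST:-openssl libssl1.1 libssl-dev ca-certificates}"

# Read apt-get output on stdin; print each package listed for upgrade, one per line.
pending_upgrades() {
  awk '
    /^The following packages will be upgraded:/ { in_list = 1; next }
    in_list && (/^The following/ || /^[0-9]+ upgraded,/ || /^$/) { in_list = 0 }
    in_list { for (i = 1; i <= NF; i++) print $i }
  '
}

# Print the number apt-get reports on its summary line, or 0 if there is none.
reported_count() {
  awk '/^[0-9]+ upgraded,/ { print $1; found = 1; exit }
       END { if (!found) print 0 }'
}

# Print the pending packages that are on the watchlist.
watched_pending() {
  pending_upgrades | awk -v watch="$WATCHLIST" '
    BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) want[w[i]] = 1 }
    ($1 in want) { print $1 }'
}

# Return 1 when a watched package still has an upgrade pending, else 0.
check_image() {
  hits=$(watched_pending | xargs)
  [ -z "$hits" ] && return 0
  echo "pending upgrades for watched packages: $hits" >&2
  return 1
}

# Demo on the constructed sample; inside an image, feed it `apt-get -s upgrade`.
printf '%s\n' "$SAMPLE_APT_OUTPUT" | check_image || echo "gate: image needs rebuilding"
```

Inside the image, run `apt-get update` and then pipe `LC_ALL=C apt-get -s upgrade` into `check_image`; `-s` only simulates the upgrade, and the fixed locale keeps the parsed headings in English.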