T283165 updated the production servers, but if we still run production images on Stretch we need to rebuild/redeploy them with latest Stretch:
The expected version numbers are
openssl1.0: 1.0.2u-1~deb9u5
gnutls28: 3.5.8-5+deb9u6
T283165 updated the production servers, but if we still run production images on Stretch we need to rebuild/redeploy them with latest Stretch:
The expected version numbers are
openssl1.0: 1.0.2u-1~deb9u5
gnutls28: 3.5.8-5+deb9u6
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | TheDJ | T283164 Let's Encrypt issuance chains update | |||
Resolved | SLyngshede-WMF | T283165 OpenSSL < 1.1.0 compatibility issues with new LE issuance chain | |||
Resolved | Joe | T291458 Rebuild production Stretch images with GNUTLS/OpenSSL updates for LE issue chain update |
The debmonitor query for libssl 1.0.2 tells us it's mostly images under the /releng prefix.
In addition, we have the following images:
The debmonitor query for | libgnutls30 tells us again it's mostly releng images, plus:
Change 722565 had a related patch set uploaded (by Giuseppe Lavagetto; author: Giuseppe Lavagetto):
[operations/docker-images/production-images@master] Update a few stretch-based images for openssl / gnutls updates
Mentioned in SAL (#wikimedia-operations) [2021-09-21T09:44:58Z] <_joe_> deleting images for graphoid, T291458
Mentioned in SAL (#wikimedia-operations) [2021-09-21T09:46:08Z] <_joe_> deneb:~# docker-registryctl delete-tags docker-registry.wikimedia.org/fluentd T291458
Change 722565 merged by Giuseppe Lavagetto:
[operations/docker-images/production-images@master] Update a few stretch-based images for openssl / gnutls updates
Mentioned in SAL (#wikimedia-operations) [2021-09-21T09:59:27Z] <_joe_> rebuilding openjdk8* image, ruby, nodejs-slim for T291458
Change 722572 had a related patch set uploaded (by Giuseppe Lavagetto; author: Giuseppe Lavagetto):
[operations/docker-images/production-images@master] Fix openjdk8 images build
Change 722572 merged by Giuseppe Lavagetto:
[operations/docker-images/production-images@master] Fix openjdk8 images build
Change 722606 had a related patch set uploaded (by Giuseppe Lavagetto; author: Giuseppe Lavagetto):
[wikimedia/portals@master] Update blubberfile to avoid specific versions of parent images
Change 722606 merged by jenkins-bot:
[wikimedia/portals@master] Update blubberfile to avoid specific versions of parent images
Change 725765 had a related patch set uploaded (by Giuseppe Lavagetto; author: Giuseppe Lavagetto):
[wikimedia/portals@master] pipeline: switch to newer, buster-based image
Change 725765 merged by jenkins-bot:
[wikimedia/portals@master] pipeline: switch to newer, buster-based image