Upgrade dockerfiles to use composer 2.1.9 per CVE-2021-41116
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	Zabe
	Oct 25 2021, 3:47 PM

Description

They are currently using 2.1.8 (see T279857). They should be upgraded to 2.1.9 in order to fix CVE-2021-41116.

Related Changes in Gerrit:

	Subject	Repo	Branch	Lines +/-
	dockerfiles: [composer-scratch] Upgrade composer to 2.3.3 and cascade	integration/config	master	+246 -2

Status	Assigned	Task
Resolved	Jdforrester-WMF	T294260 Upgrade dockerfiles to use composer 2.1.9 per CVE-2021-41116
Resolved	kostajh	T300340 Use Memcached with Quibble
Resolved	hashar	T304147 jenkis CI wikibase-repo-docker failing with new quibble version

So it's probably low-ish priority for CI, but in terms of keeping ontop of it, we should get it integrated.

Reedy triaged this task as Low priority.Oct 25 2021, 3:58 PM

Change 771004 had a related patch set uploaded (by Jforrester; author: Jforrester):

[integration/config@master] dockerfiles: [composer-scratch] Upgrade composer to 2.3.3 and cascade

Change 771004 merged by jenkins-bot:

[integration/config@master] dockerfiles: [composer-scratch] Upgrade composer to 2.3.3 and cascade

Mentioned in SAL (#wikimedia-releng) [2022-04-04T22:43:14Z] <James_F> dockerfiles: [composer-scratch] Upgrade composer to 2.3.3 and cascade for T294260

We first need to finish the deployment of Memcached support which is T300340

Reedy closed this task as Resolved.Dec 23 2022, 10:08 PM

Reedy assigned this task to Jdforrester-WMF.