PRX / Infrastructure

Templates and assets used to launch and manage many aspects of PRX's applications and services
MIT License

[Correction][Action Required] Latest Docker Update in AWS CodeBuild Standard Images #551

Closed farski closed 2 years ago

farski commented 2 years ago

Hello,

We previously sent a notification on October 22 regarding an issue with CodeBuild builds using an AWS managed docker image. The original notification included an incorrect argument in the command to be updated in the buildspec file. This has been corrected and this notification has the correct command below.

We are reaching out to you because you ran a CodeBuild build using an AWS managed docker image [1] in the last 4 weeks. Due to a CVE[2], the AWS CodeBuild team has updated Docker to version 20.10.x in CodeBuild’s standard image. In this version, the behavior of the "docker push" command has changed and by default, it will only push images with a "latest" tag [3]. If your build runs a "docker push", without the docker image being tagged as "latest", it will fail with "tag does not exist" error. Please update the "docker push " command to "docker push --all-tags " in your buildspec file.

If you have any questions or concerns, please contact AWS support [4].

[1] https://docs.aws.amazon.com/codebuild/latest/userguide/build-env-ref-available.html
[2] https://github.com/moby/moby/security/advisories/GHSA-3fwx-pjgw-3558
[3] https://docs.docker.com/engine/release-notes/#20100
[4] https://aws.amazon.com/support

Sincerely, Amazon Web Services
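The notification above boils down to one check a build maintainer wants to run against every buildspec: does any `docker push` command omit both an explicit `:tag` and `--all-tags`? Under Docker 20.10 such a push only sends `:latest` and fails with "tag does not exist" when that tag is absent. The POSIX shell lint below is an added example, not code from the PRX/Infrastructure repository or from AWS. The buildspec it scans is constructed inline; `$REPO_URI` is an assumed placeholder variable and the ECR account ID in it is a sample value. A reference whose last path component has no `:` (a colon before the last `/` is a registry port, not a tag) is flagged; a bare variable such as `$REPO_URI` is flagged too, since the lint cannot tell what it expands to at build time, so those lines are for manual review.

```shell
#!/bin/sh
# Added example (not PRX or AWS code): lint buildspec commands for
# `docker push` invocations that Docker 20.10 would reduce to ":latest".

# ref_has_tag REF -> 0 if REF carries an explicit tag or digest, 1 otherwise.
# Only the component after the final "/" is inspected, so a registry port
# such as localhost:5000/app is not mistaken for a tag.
ref_has_tag() {
    last=${1##*/}
    case "$last" in
        *@*) return 0 ;;   # digest-pinned reference, not affected
        *:*) return 0 ;;   # explicit tag present
        *)   return 1 ;;
    esac
}

# push_needs_fix CMD -> 0 when CMD is a `docker push` that names an untagged
# image and does not pass --all-tags (or -a); 1 for anything else.
push_needs_fix() {
    ref=
    set -- $1                      # split the command line into words
    [ "$1" = docker ] && [ "$2" = push ] || return 1
    shift 2
    for arg in "$@"; do
        case "$arg" in
            --all-tags|-a) return 1 ;;   # already pushes every tag
            -*) ;;                        # other flags (e.g. --quiet) are irrelevant
            *) ref=$arg ;;                # the image reference
        esac
    done
    [ -n "$ref" ] || return 1
    if ref_has_tag "$ref"; then return 1; else return 0; fi
}

# fix_push CMD -> prints the command rewritten as the notification asks.
fix_push() {
    set -- $1
    shift 2
    printf 'docker push --all-tags %s\n' "$*"
}

# lint_buildspec FILE -> prints "line N: <command>" for each flagged push.
# Leading spaces and the YAML "- " list marker are stripped before checking.
lint_buildspec() {
    n=0
    while IFS= read -r line; do
        n=$((n + 1))
        cmd=${line#"${line%%[! ]*}"}
        cmd=${cmd#- }
        if push_needs_fix "$cmd"; then
            printf 'line %d: %s\n' "$n" "$cmd"
        fi
    done < "$1"
}

# Constructed sample buildspec: two pushes are fine, two need attention.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
version: 0.2
phases:
  build:
    commands:
      - docker build -t $REPO_URI:$CODEBUILD_RESOLVED_SOURCE_VERSION .
      - docker push $REPO_URI:$CODEBUILD_RESOLVED_SOURCE_VERSION
  post_build:
    commands:
      - docker push 123456789012.dkr.ecr.us-east-1.amazonaws.com/myapp
      - docker push --all-tags 123456789012.dkr.ecr.us-east-1.amazonaws.com/myapp
      - docker push localhost:5000/myapp
EOF

lint_buildspec "$SAMPLE"
```

Running it prints the two offending lines (9 and 11 of the sample); `fix_push` shows the replacement the notification prescribes, which is the right change when the build intends to publish every tag it created, while a build that pushes one explicitly tagged image, as farski describes below, is already outside the affected case.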

farski commented 2 years ago

My understanding of this issue is that it only applies when doing a docker push without any tags. We always push explicitly tagged images from CodeBuild, so I don't think we are affected by this.