eddelbuettel / r2u

CRAN as Ubuntu Binaries
https://eddelbuettel.github.io/r2u

Enhancement: Update to R 4.4 #57

Closed marcelo-g-simas closed 7 months ago

marcelo-g-simas commented 7 months ago

Would it be possible to update to R 4.4 (released yesterday)? This is important for folks that run on security-sensitive environments given the recently found high severity vulnerability in R (https://thehackernews.com/2024/04/new-r-programming-vulnerability-exposes.html).

I can help get this going with a little support / guidance from you guys. But if you just tell me that's not going to happen over the next few weeks we may just switch to vanilla rocker/r-ver until you guys can update this image to R 4.4.

Thanks! Marcelo

eddelbuettel commented 7 months ago

Guys? Who else do you see here?

You also misunderstand. R 4.4.0 binaries have been available (for Ubuntu) since the weekend (following the Debian binaries I released the day R 4.4.0 was released). All you need is apt upgrade -qqq; apt update --yes. The r2u project is about CRAN packages as .deb binaries. It is a user of the R binaries in r-base-core just like other projects.

I will update the container soon and am working on that. You can always do so yourself any moment you desire, the Dockerfile is in this repo.

marcelo-g-simas commented 7 months ago

Great, was just not sure if simply doing an update/upgrade would pull down 4.4. Will test that on our end. Thank you so much for the quick response.

eddelbuettel commented 7 months ago

It will. That is what apt does given suitable repos. And @marutter and I have been taking care of those CRAN-mirrored Ubuntu binaries for well over a decade. Trust the process.

marcelo-g-simas commented 7 months ago

I do, was just not fully grasping that detail. Thanks again.

eddelbuettel commented 7 months ago

Also, technically r2u is the apt repo. The container is 'just a convenience' to access it. But it is current now:

edd@rob:~$ docker run --rm -ti rocker/r2u R -q -e 'getRversion()'
> getRversion()
[1] ‘4.4.0’
> 
> 
edd@rob:~$ 

But I recommend you keep an eye out for other stories around the CVE. One aspect is addressed, it is still an open door just like system() or system2() or pipe() are. A language that excels because it allows computation on the language will have such issues. Check your inputs. And check them again.
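
For environments that need to confirm an image really carries R 4.4.0 or later before it is deployed, a version gate along these lines can run in CI. This is an added example, not part of the thread and not r2u project code; the function names and sample strings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: fail a build unless the reported R version meets a minimum.
# Real input would come from, for example:
#   dpkg-query -W -f='${Version}' r-base-core
#   R --version | head -n 1

# Pull the first X.Y.Z out of an R banner line or a package version string.
# Prints nothing when no such version is present, so callers fail closed.
extract_r_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Numeric field-by-field comparison: succeeds when $1 >= $2 (both X.Y.Z).
# A plain string comparison would wrongly rank 4.10.x below 4.4.x.
version_ge() {
    have=$1 want=$2
    old_ifs=$IFS; IFS=.
    set -- $have $want            # h1 h2 h3 w1 w2 w3
    IFS=$old_ifs
    [ $# -eq 6 ] || return 2
    [ "$1" -gt "$4" ] && return 0; [ "$1" -lt "$4" ] && return 1
    [ "$2" -gt "$5" ] && return 0; [ "$2" -lt "$5" ] && return 1
    [ "$3" -ge "$6" ]
}

# check_r REPORTED_STRING MINIMUM: prints a verdict, returns non-zero on failure.
check_r() {
    v=$(extract_r_version "$1")
    if [ -z "$v" ]; then
        echo "FAIL: no R version found in '$1'"; return 1
    fi
    if version_ge "$v" "$2"; then
        echo "OK: R $v >= $2"
    else
        echo "FAIL: R $v < $2"; return 1
    fi
}

# Constructed sample inputs (not captured from a real system).
for sample in 'R version 4.4.0 (2024-04-24)' '4.3.3-2build2' 'not installed'; do
    check_r "$sample" 4.4.0 || true
done
```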