Rebuild RHEL-based images to pickup important fixes

[leochr]

Some important CVEs were recently fixed in RHEL (including UBI 8.4). Linux kernel bug (CVE-2022-0185) is widely known, but there are few other CVE fixes as well. Fixes were made as recently as January 25th.

The images in icr.io/appcafe/ibm-semeru-runtimes are 1-2 weeks old. Please rebuild them to pick up the fixes. Thank you.

@narkedi @AdamBrousseau

[narkedi]

@leochr The images are rebuild with the latest versions. There are no new CVE's at the moment. We will make sure to respin on a weekly basis going forward.

[leochr]

@narkedi Thank you! It's ideal to have the rebuild automated (cron job). Is that something in place or in the plan?

[leochr]

@narkedi when will the Java semeru images in icr.io be rebuilt next? Is the rebuild automated or kicked off manually? Some customers reported that some CVEs are fixed in UBI, so want to make sure they are included in the Java images. Thank you.

[narkedi]

@leochr All the images are up-to-date and they don't show any security issues. To answer the question, its not a cron at the moment, but the automatic run is being triggered every Friday.

[leochr]

Thank you @narkedi!

[narkedi]

As this is being handled now, can you please close this issue @leochr . Thanks !!

[leochr]

Closing. Thank you @narkedi

[leochr]

@narkedi recent scans flagged some CVEs that were fixed by Red Hat a few days ago. Can we expect the Java images in icr.io to be rebuilt this Friday?

As the frequency of CVEs and fixes has increased, especially since Log4j issues, it'll be ideal to rebuild every few days. Please consider rebuilding twice a week (perhaps Mondays and Thursdays). Then the Liberty images can do the same (Tuesdays and Fridays). Thank you!