plantuml / plantuml-server

PlantUML Online Server
https://plantuml.com/
GNU General Public License v3.0

Recent Docker-Image missing on dockerhub #307

Closed modmew8 closed 11 months ago

modmew8 commented 11 months ago

Hi there!

I stumbled across CVEs that got fixed with plantuml version v1.2023.9 (CVE-2023-3432 and CVE-2023-3431 in particular) - but the latest version for plantuml-server is v1.2023.8.

After checking the GitHub Actions and the last few commits, I assume the version tag v1.2023.9 was forgotten on the commit that updated the plantuml version to v1.2023.9 - but no guarantee, I am not familiar with whether v1.2023.9 might possibly not be ready for release on the plantuml-server side.

Best regards

HeinrichAD commented 11 months ago

@arnaudroques since PlantUML v1.2023.9 comes with breaking changes w.r.t. ALLOW_PLANTUML_INCLUDE and PLANTUML_SECURITY_PROFILE, you thought about implementing something like plantuml.allowlist.port here: https://github.com/plantuml/plantuml-server/pull/301#issuecomment-1589988589. Following the further communication, I do not believe that this will be implemented. Was there anything else in favor of holding back the release, or should we confront the users with the changes? :sweat_smile:

In the meantime v1.2023.10 is released. We could also just skip v1.2023.9 and go directly to version v1.2023.10.

arnaudroques commented 11 months ago

I assume the version tag v1.2023.9 was forgotten on the commit that updated the plantuml version to v1.2023.9

Yes, sorry about that...

Anyway, we have just tagged v1.2023.10 so you should be able to upgrade.

Tell us if you have any issues!

modmew8 commented 11 months ago

Thank you very much!