Update Libs, Including migration to Spring Boot 3.3 and HSQLDB version upgrade
Docker Image Improvements
Two bug fixes for Docker
Add UBI9 to Docker images
Details
🐔 Bug fixes
2649
Fix transcoding not working on Alpine images
2650
Fix an issue where the Health check was notified incorrectly when the context path had a non-slash character. This did not affect the running server itself, but the Jpsonic icon was always displayed in orange instead of green on UI of the DockerDesktop or DSM Container Manager.
🐥Maintenance
2652
Only available for amd64
Additional Notes
Alpine Image Vulnerabilities
Two of the busybox ones are false positives, two are not relevant as they are not used. rustix probably doesn't use the code. (FFmpeg Security)
Future Vulnerabilities Management
In most cases there are no vulnerabilities, but it's a pain to write this every time 🙄
Jpsonic itself has a filter to filter out false positives for CVEs.
Alpine Image plans to maintain a similar suppression filter in the near future. Ubuntu and UBI9 might be a bit slower than that.
Why we can’t get started right away
The tools are incomplete, so it's too early to try and error.
ttps://github.com/docker/scout-cli/issues/115
If this were possible, it would be easy to suppress false positives for Alpine Image, which has fewer alerts in the first place.
Ubuntu and UBI9
As the number of cases is somewhat high, progress will likely be monitored for a while. (I think most of it is false positives.) The reason for the high number of false positives is that Docker Scout has just been released and is not yet stable.
https://github.com/docker/scout-cli/issues/71
In other words, both Docker Scout and Jpsonic management are in a transitional period. Things are probably moving in a better direction, so let's be patient and evaluate for a while.
Overview
Details
🐔 Bug fixes
2649
2650
🐥Maintenance
2652
Additional Notes
Alpine Image Vulnerabilities
Two of the busybox ones are false positives, two are not relevant as they are not used. rustix probably doesn't use the code. (FFmpeg Security)
Future Vulnerabilities Management
In most cases there are no vulnerabilities, but it's a pain to write this every time 🙄 Jpsonic itself has a filter to filter out false positives for CVEs.
Alpine Image plans to maintain a similar suppression filter in the near future. Ubuntu and UBI9 might be a bit slower than that.
Why we can’t get started right away
The tools are incomplete, so it's too early to try and error.
ttps://github.com/docker/scout-cli/issues/115If this were possible, it would be easy to suppress false positives for Alpine Image, which has fewer alerts in the first place.
Ubuntu and UBI9
As the number of cases is somewhat high, progress will likely be monitored for a while. (I think most of it is false positives.) The reason for the high number of false positives is that Docker Scout has just been released and is not yet stable.
https://github.com/docker/scout-cli/issues/71In other words, both Docker Scout and Jpsonic management are in a transitional period. Things are probably moving in a better direction, so let's be patient and evaluate for a while.