chore: upgrade to 3.1.0+2.4.0 #13
Assignees
3wordchant
aadil
abra-bot
ammaratef45
amras
Apfelwurm
appletalk
arjan
basebuilder
BornDeleuze
Brooke
carla
cas
codegod100
coopcloud
cyrnel
decentral1se
dede
devydave
fauno
flancian
Frando
iexos
jade
javielico
jjsfunhouse
jmakdah2
joe-irving
kawaiipunk
knoflook
kolaente
lambdabundesverband
linnealovespie
marlon
mayel
mirsal
moosemower
moritz
nicksellen
notplants
oxaliq
p4u1
pau
pharaohgraphy
PhiNatalie
renovate-bot
ripclap
rix
rscmbbng
sef
simon
sixsmith
stevensting
tobias
trav
val
vaznasty
virtualboys
wolcen
wykwit
xynosis
yksflip
Clear assignees
3wordchant
aadil
abra-bot
ammaratef45
amras
Apfelwurm
appletalk
arjan
basebuilder
BornDeleuze
Brooke
carla
cas
codegod100
coopcloud
cyrnel
decentral1se
dede
devydave
fauno
flancian
Frando
iexos
jade
javielico
jjsfunhouse
jmakdah2
joe-irving
kawaiipunk
knoflook
kolaente
lambdabundesverband
linnealovespie
marlon
mayel
mirsal
moosemower
moritz
nicksellen
notplants
oxaliq
p4u1
pau
pharaohgraphy
PhiNatalie
renovate-bot
ripclap
rix
rscmbbng
sef
simon
sixsmith
stevensting
tobias
trav
val
vaznasty
virtualboys
wolcen
wykwit
xynosis
yksflip
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: coop-cloud/uptime-kuma#13
Reference in New Issue
Block a user
No description provided.
Delete Branch "upgrade-3.1.0+2.4.0"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
@stevensting ty for you maintenance of this recipe!
autonomic was doing some scanning recipes we use for CVE, and saw that this recipe needed a version bump to address a CVE so just popped over here to create the PR, if you get a chance to take a look
a276812819toeb4521cc5dHi, thanks for the heads up. Any particular reason why you created this pull request instead of using the two renovate PRs?
I just merged the two PRs, did the release and tested it. I will close this PR. Happy upgrading.
@notplants could you tell me which CVE that was?
thank you @stevensting . the security issue was mentioned here in the release notes https://github.com/louislam/uptime-kuma/releases/tag/2.4.0 although they have not disclosed exactly what it was yet (I think it was probably this one in liquidjs: https://orca.security/resources/blog/critical-rce-in-liquidjs-lets-attackers-execute-arbitrary-commands-on-unpatched-hosts/)
and I had no reason to create the PR instead of use renovate. we were just checking through recipes we used in a systematic way, but glad to hear you have a nice flow with renovate
@stevensting the one difference I see is I added MARIADB_AUTO_UPGRADE=1 (https://hub.docker.com/_/mariadb#mariadb_auto_upgrade) which I thought might have been required for major version bumps of mariadb to work automatically?
but you tested the migration and the db was updated automatically even without that?
@notplants hmm, good point. Yes, everything worked fine without a manual step. the DB got upgraded and mariadb-check gives no errors.
But maybe I should nevertheless put the auto upgrade flag in there for the next upgrade
thats a headscratcher... I wonder why they have the flag if its not actually necessary... but yes seems safer to include it than not haha
Pull request closed