Containerized private minion (CPM) release notesRSS

Security Updates

• Updated jackson from version 2.14.2 to 2.15.0 to remediate CVE-2022-42003 and CVE-2022-42004

No changes.

Improvements

Note: These changes only apply to public locations

• Updates environment variables during instance creation to correctly reflect IP address

Improvements

• Adds support for Kubernetes 1.21+ by enabling BoundServiceAccountToken by default

Fixes

• Upgrades Fabric8 Kubernetes client version to remediate CVE-2021-20218
• Upgrades apache-commons and netty-all version to remediate CVE-2021-35515, CVE-2021-35516, CVE-2021-35517, CVE-2021-36090
• Upgrades jetty-io version to remediate CVE-2021-34429, CVE-2022-2048

Improvements

• Updated base ubuntu image to remediate CVE-2023-0286

Fixes

• Updated vulnerability found in runner version 3.0.0 resolving CVE-2017-16226

Fixes

• Updated lodash version to address CVE-2019-10744

Fixes

• Updated base ubuntu image to remediate CVE-2022-3515

Fixes

• Updated Artifactory hostnames to implement migration to artifacts.datanerd.us
• Updated Minion Java version and Runner base image to remediate CVEs