From 9d0b3b698a08fe8b6476af6d03cf15ac7cddfcf9 Mon Sep 17 00:00:00 2001
From: Brian Hayden <5826711+bhayden53@users.noreply.github.com>
Date: Mon, 6 Dec 2021 12:37:58 -0500
Subject: [PATCH 1/4] force nss update in JobPredict Lambda
---
 lambda/JobPredict/Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lambda/JobPredict/Dockerfile b/lambda/JobPredict/Dockerfile
index 54fcda6c..30f0f80b 100644
--- a/lambda/JobPredict/Dockerfile
+++ b/lambda/JobPredict/Dockerfile
@@ -3,6 +3,7 @@ FROM amazon/aws-lambda-python:3.7
 COPY requirements.txt predict_handler.py ./
 # SSL/TLS cert setup for STScI AWS firewalling
 USER root
+RUN yum update nss -y
 ENV REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 ENV CURL_CA_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
From cd137badd89794ff18f343ec24be6b8e6edb5b99 Mon Sep 17 00:00:00 2001
From: Brian Hayden <5826711+bhayden53@users.noreply.github.com>
Date: Mon, 6 Dec 2021 12:38:53 -0500
Subject: [PATCH 2/4] add comment to predict Dockerfile
---
 lambda/JobPredict/Dockerfile | 1 +
 1 file changed, 1 insertion(+)
diff --git a/lambda/JobPredict/Dockerfile b/lambda/JobPredict/Dockerfile
index 30f0f80b..8d5a31ac 100644
--- a/lambda/JobPredict/Dockerfile
+++ b/lambda/JobPredict/Dockerfile
@@ -3,6 +3,7 @@ FROM amazon/aws-lambda-python:3.7
 COPY requirements.txt predict_handler.py ./
 # SSL/TLS cert setup for STScI AWS firewalling
 USER root
+# temporary. remove when nss in the base amazon image is secure again
 RUN yum update nss -y
 ENV REQUESTS_CA_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
 ENV CURL_CA_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
From 727dee30c5a1533b5fff6d40ebb3242ff28d0e18 Mon Sep 17 00:00:00 2001
From: Brian Hayden <5826711+bhayden53@users.noreply.github.com>
Date: Mon, 6 Dec 2021 12:41:14 -0500
Subject: [PATCH 3/4] version increment in deploy
---
 terraform/deploy.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
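Review bot: The `RUN yum update nss -y` added in [PATCH 1/4] exits successfully even when the configured repository offers no newer nss, so a stale mirror produces an image that still carries the vulnerable library while the build passes. Record the installed version and drop the package cache in the same layer: `RUN yum update -y nss && rpm -q nss && yum clean all`. A hard minimum-version check would be stronger, but the fixed version is not given on this page. The hunk header shows the base as the floating tag `amazon/aws-lambda-python:3.7`, so pinning it by digest would make it clear when the base itself carries the fix and this line can go. The Dockerfile continues past the hunk, so whether a later `USER` instruction drops root again is not visible here.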
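Review bot: The comment added in [PATCH 2/4] gives no checkable condition for removing the workaround: "secure again" names neither the advisory nor the nss version that fixes it, so a later maintainer cannot tell from the image alone when the line is safe to drop. Suggested wording: `# temporary: remove once the base image ships nss >= <FIXED_NSS_VERSION> (<ADVISORY_ID>); verify with rpm -q nss`. Both bracketed values are placeholders, because the page states neither.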
diff --git a/terraform/deploy.sh b/terraform/deploy.sh
index ae14b2d5..fe3bf4b0 100755
--- a/terraform/deploy.sh
+++ b/terraform/deploy.sh
@@ -3,7 +3,7 @@
 # ADMIN_ARN is set in the ci node env and should not be included in this deploy script
 # variables that will likely be changed frequently
-CALCLOUD_VER="v0.4.31"
+CALCLOUD_VER="v0.4.32"
 CALDP_VER="v0.2.16"
 CAL_BASE_IMAGE="stsci/hst-pipeline:CALDP_20211129_CAL_final"
From be3af82c7256f369bd1e13b1db7072b1993a2bee Mon Sep 17 00:00:00 2001
From: Brian Hayden <5826711+bhayden53@users.noreply.github.com>
Date: Mon, 6 Dec 2021 12:41:28 -0500
Subject: [PATCH 4/4] changelog update in prep for release
---
 changelog.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/changelog.md b/changelog.md
index 299bcf6c..cf1c7064 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1 +1 @@
-- base image update to CALDP_20211129_CAL_final
\ No newline at end of file
+- force update of nss due to critical security vulnerability
\ No newline at end of file