Skip to content

[SAR] APPENG-5145: Add system package updates to container images#194

Open
yuvalk wants to merge 2 commits into
RHEcosystemAppEng:mainfrom
yuvalk:fix/APPENG-5145-container-system-updates
Open

[SAR] APPENG-5145: Add system package updates to container images#194
yuvalk wants to merge 2 commits into
RHEcosystemAppEng:mainfrom
yuvalk:fix/APPENG-5145-container-system-updates

Conversation

@yuvalk
Copy link
Copy Markdown
Collaborator

@yuvalk yuvalk commented May 6, 2026

Summary

Addresses APPENG-5145.

Adds microdnf upgrade to the production stage of both container images to ensure the latest security patches from the UBI base image are applied at build time.

Changes

  • Containerfile: Added RUN microdnf upgrade -y && microdnf clean all after production FROM
  • Containerfile.marketplace-handler: Same addition after production FROM

SAR Reference

  • CWE: CWE-1104 (Use of Unmaintained Third Party Components)
  • Impact: Medium

Co-Authored-By: Claude Opus 4.6 (1M context) noreply@anthropic.com

@yuvalk @claude
Add system package updates to container production stages
5b8843e 
Addresses APPENG-5145. Adds microdnf upgrade to the production stage of
both container images to ensure the latest security patches are applied
at build time, reducing the window of exposure to known CVEs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
luis5tb
luis5tb approved these changes May 6, 2026
View reviewed changes
Copy link
Copy Markdown
Collaborator

@luis5tb luis5tb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@luis5tb
Copy link
Copy Markdown
Collaborator

luis5tb commented May 7, 2026

It does not seem to like the microdnf:
[2/2] STEP 2/19: RUN microdnf upgrade -y && microdnf clean all
error: Failed to create: /var/cache/yum/metadata
Error: building at STEP "RUN microdnf upgrade -y && microdnf clean all": while running runtime: exit status 1
Error: Process completed with exit code 1.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@luis5tb luis5tb luis5tb approved these changes

@IlonaShishov IlonaShishov Awaiting requested review from IlonaShishov IlonaShishov is a code owner

@dmartinol dmartinol Awaiting requested review from dmartinol dmartinol is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@yuvalk @luis5tb