There was recent ruby release (ruby 2.5.4, 2.6.2) for the vulnerabilities https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
When should we expect the corresponding docker image to be available on circle?
2 Likes
1 Like
You can verify this yourself:
$ docker pull circleci/ruby:2.6.1
$ docker run -it --rm circleci/ruby:2.6.1 bash
$ gem -v
# Expect 3.0.3Now there’s a Ruby 2.5.5 with further security fixes 
No circleci/ruby docker image tag yet.
1 Like
If anyone else wants the security updates quickly, feel free to use these that my co-worker Jocke just made:
- auctionet/ruby:2.5.5-alpine
- auctionet/circleci-ruby:2.5.5
- auctionet/circleci-ruby:2.6.2
- auctionet/circleci-ruby:2.6.2-node
So a Dockerfile could say e.g.
FROM auctionet/ruby:2.5.5-alpine
Or config could say e.g.
- image: auctionet/circleci-ruby:2.5.5
1 Like
Wrote up a quick thing on how I built the ruby alpine image. https://gist.github.com/joakimk/854d190bb8423a807ac1f696925443cd
2 Likes
Our image release schedule is here https://circleci.com/blog/build-image-update-schedule/
It’s an automated process so I would expect it to be updated within the next day.
1 Like
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.