Docker image for ruby 2.5.4 and 2.6.2

There was recent ruby release (ruby 2.5.4, 2.6.2) for the vulnerabilities https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/

When should we expect the corresponding docker image to be available on circle?

3 Likes
1 Like

You can verify this yourself:

$ docker pull circleci/ruby:2.6.1
$ docker run -it --rm circleci/ruby:2.6.1 bash
$ gem -v
# Expect 3.0.3

Now there’s a Ruby 2.5.5 with further security fixes :slight_smile: No circleci/ruby docker image tag yet.

1 Like

If anyone else wants the security updates quickly, feel free to use these that my co-worker Jocke just made:

  • auctionet/ruby:2.5.5-alpine
  • auctionet/circleci-ruby:2.5.5
  • auctionet/circleci-ruby:2.6.2
  • auctionet/circleci-ruby:2.6.2-node

So a Dockerfile could say e.g.

FROM auctionet/ruby:2.5.5-alpine

Or config could say e.g.

- image: auctionet/circleci-ruby:2.5.5
1 Like

Wrote up a quick thing on how I built the ruby alpine image. https://gist.github.com/joakimk/854d190bb8423a807ac1f696925443cd

2 Likes

Our image release schedule is here https://circleci.com/blog/build-image-update-schedule/

It’s an automated process so I would expect it to be updated within the next day.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.