There was recent ruby release (ruby 2.5.4, 2.6.2) for the vulnerabilities https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/ When should we expect the corresponding docker image to be available on circle?

Our image release schedule is here https://circleci.com/blog/build-image-update-schedule/ It’s an automated process so I would expect it to be updated within the next day.

[image] RubyGems vulnerability March 2019 Build Environment Ruby announced some CVEs recently for certain RubyGems versions. It doesn’t appear that the docker containers have been updated yet: $ docker pull circleci/ruby:2.6.1 2.6.1: Pulling from circleci/ruby Digest: s…

You can verify this yourself: $ docker pull circleci/ruby:2.6.1 $ docker run -it --rm circleci/ruby:2.6.1 bash $ gem -v # Expect 3.0.3

Now there’s a Ruby 2.5.5 with further security fixes :slight_smile: No circleci/ruby docker image tag yet.

If anyone else wants the security updates quickly, feel free to use these that my co-worker Jocke just made: auctionet/ruby:2.5.5-alpine auctionet/circleci-ruby:2.5.5 auctionet/circleci-ruby:2.6.2 auctionet/circleci-ruby:2.6.2-node So a Dockerfile could say e.g. FROM auctionet/ruby:2.5.5-alpine …

Wrote up a quick thing on how I built the ruby alpine image. https://gist.github.com/joakimk/854d190bb8423a807ac1f696925443cd

Docker image for ruby 2.5.4 and 2.6.2

Build Environment

halfer March 14, 2019, 8:49pm 2

Topic		Replies	Views
RubyGems vulnerability March 2019 Build Environment ruby , docker , rubygems	3	1190	March 21, 2019
Ruby 2.5.3 Build Environment build-image , ruby , docker	3	2253	November 1, 2018
Ruby v2.4.2 and Ruby v2.3.5 CircleCI 2.0 Images Build Environment	1	1046	June 18, 2018
Circleci/ruby:2.6.1-node-browsers not found Feedback & Bug Reports	2	1103	February 7, 2019
Want to install docker image circleci/ruby:2.3 CircleCI Images	1	960	April 23, 2019

Docker image for ruby 2.5.4 and 2.6.2

Related topics