Commit d944b92
authored
fix(scripts/ironbank): update base image to UBI9 and remove urllib3 (CVE-2026-44431) (#25249)
## Summary
Update the IronBank Dockerfile to use UBI9 (9.6) instead of UBI8 (8.7)
and explicitly remove `python3-urllib3` to address CVE-2026-44431.
### Changes
- **Dockerfile**: Upgrade base image from `ubi8-minimal:8.7` to
`ubi9-minimal:9.6`
- **Dockerfile**: Add `microdnf remove python3-urllib3` step after
package install
- **build_ironbank.sh**: Update local build args to match the new UBI9
base image
### Context
urllib3 1.26.5 is bundled in the UBI base image. Coder is a Go binary
and does not invoke Python at runtime, so this library is unused. The
removal step is a belt-and-suspenders safeguard in case UBI9 still ships
the package.
Fixes: ENT-52
> [!NOTE]
> This PR was generated by [Coder
Agents](https://coder.com/docs/agents).1 parent 315e800 commit d944b92
2 files changed
Lines changed: 7 additions & 4 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | | - | |
3 | | - | |
| 2 | + | |
| 3 | + | |
4 | 4 | | |
5 | 5 | | |
6 | 6 | | |
| |||
16 | 16 | | |
17 | 17 | | |
18 | 18 | | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
19 | 22 | | |
20 | 23 | | |
21 | 24 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
96 | 96 | | |
97 | 97 | | |
98 | 98 | | |
99 | | - | |
100 | | - | |
| 99 | + | |
| 100 | + | |
101 | 101 | | |
102 | 102 | | |
103 | 103 | | |
| |||
0 commit comments