From f6490b28dc5d3c54a829a111e6e1655b93ffc26f Mon Sep 17 00:00:00 2001 From: Samin Rahman Date: Tue, 13 Jan 2026 10:47:49 +1100 Subject: [PATCH 1/5] Version bump uid2-shared for AES caching optimization --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index ac7a35383..7c3d4d24c 100644 --- a/pom.xml +++ b/pom.xml @@ -23,7 +23,7 @@ 2.1.0 2.1.19 2.1.9 - 11.1.124 + 11.3.4-alpha-335-SNAPSHOT ${project.version} 21 21 From 47a6a1aaab1c520fde6125bae9ed58ff3abbc17c Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Mon, 12 Jan 2026 23:55:39 +0000 Subject: [PATCH 2/5] [CI Pipeline] Released Snapshot version: 5.63.12-alpha-284-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index 7c3d4d24c..f689fc221 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.63.11 + 5.63.12-alpha-284-SNAPSHOT UTF-8 From eead21af268c856de771aecca135cd27340c0813 Mon Sep 17 00:00:00 2001 From: Samin Rahman Date: Tue, 13 Jan 2026 11:02:34 +1100 Subject: [PATCH 3/5] Temporarily added debug jre to docker --- Dockerfile | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 7c0aa5087..9281a7dc8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # sha from https://hub.docker.com/layers/library/eclipse-temurin/21.0.9_10-jre-alpine-3.23/images/sha256-f599f6fa11f007b6dcf6e85ec2c372c1eba2b6940a7828eb6e665665ea5edd1c -FROM eclipse-temurin@sha256:243e711289b0f17e05a4df60454bbb1b8ed7b126db4de2d5535da994b7417111 +FROM eclipse-temurin@sha256:89517925fa675c6c4b770bee7c44d38a7763212741b0d6fca5a5103caab21a97 RUN apk add --no-cache gcompat @@ -20,12 +20,16 @@ COPY ./target/${JAR_NAME}-${JAR_VERSION}-static.tar.gz /app/static.tar.gz COPY ./conf/default-config.json /app/conf/ COPY ./conf/*.xml /app/conf/ +# Fix CVE-2025-68973: Update gnupg to patched version +RUN apk update && apk upgrade gnupg && rm -rf /var/cache/apk/* + RUN tar xzvf /app/static.tar.gz --no-same-owner --no-same-permissions && rm -f /app/static.tar.gz RUN adduser -D uid2-operator && mkdir -p /opt/uid2 && chmod 777 -R /opt/uid2 && mkdir -p /app && chmod 705 -R /app && mkdir -p /app/file-uploads && chmod 777 -R /app/file-uploads && mkdir -p /app/pod_terminating && chmod 777 -R /app/pod_terminating USER uid2-operator CMD java \ + -XX:+UnlockDiagnosticVMOptions -XX:+DebugNonSafepoints \ -XX:MaxRAMPercentage=95 -XX:-UseCompressedOops -XX:+PrintFlagsFinal -XX:-OmitStackTraceInFastThrow \ -Djava.security.egd=file:/dev/./urandom \ -Dvertx.logger-delegate-factory-class-name=io.vertx.core.logging.SLF4JLogDelegateFactory \ From 74d27c5772fe54ae2b34b1922f1f99d6c2aa5224 Mon Sep 17 00:00:00 2001 From: Release Workflow Date: Tue, 13 Jan 2026 00:06:53 +0000 Subject: [PATCH 4/5] [CI Pipeline] Released Snapshot version: 5.63.13-alpha-285-SNAPSHOT --- pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pom.xml b/pom.xml index f689fc221..1a30ed679 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ com.uid2 uid2-operator - 5.63.12-alpha-284-SNAPSHOT + 5.63.13-alpha-285-SNAPSHOT UTF-8 From 3e5eb8017fcb9a7dc1785cd955d8a5e1a0dea554 Mon Sep 17 00:00:00 2001 From: Samin Rahman Date: Tue, 13 Jan 2026 14:17:36 +1100 Subject: [PATCH 5/5] Reverted Dockerfile to regular jre and updated uid2-shared version --- Dockerfile | 9 +++------ pom.xml | 2 +- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9281a7dc8..7f9f95f75 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,7 @@ # sha from https://hub.docker.com/layers/library/eclipse-temurin/21.0.9_10-jre-alpine-3.23/images/sha256-f599f6fa11f007b6dcf6e85ec2c372c1eba2b6940a7828eb6e665665ea5edd1c -FROM eclipse-temurin@sha256:89517925fa675c6c4b770bee7c44d38a7763212741b0d6fca5a5103caab21a97 +FROM eclipse-temurin@sha256:243e711289b0f17e05a4df60454bbb1b8ed7b126db4de2d5535da994b7417111 +# For Amazon Corretto Crypto Provider RUN apk add --no-cache gcompat WORKDIR /app @@ -20,18 +21,14 @@ COPY ./target/${JAR_NAME}-${JAR_VERSION}-static.tar.gz /app/static.tar.gz COPY ./conf/default-config.json /app/conf/ COPY ./conf/*.xml /app/conf/ -# Fix CVE-2025-68973: Update gnupg to patched version -RUN apk update && apk upgrade gnupg && rm -rf /var/cache/apk/* - RUN tar xzvf /app/static.tar.gz --no-same-owner --no-same-permissions && rm -f /app/static.tar.gz RUN adduser -D uid2-operator && mkdir -p /opt/uid2 && chmod 777 -R /opt/uid2 && mkdir -p /app && chmod 705 -R /app && mkdir -p /app/file-uploads && chmod 777 -R /app/file-uploads && mkdir -p /app/pod_terminating && chmod 777 -R /app/pod_terminating USER uid2-operator CMD java \ - -XX:+UnlockDiagnosticVMOptions -XX:+DebugNonSafepoints \ -XX:MaxRAMPercentage=95 -XX:-UseCompressedOops -XX:+PrintFlagsFinal -XX:-OmitStackTraceInFastThrow \ -Djava.security.egd=file:/dev/./urandom \ -Dvertx.logger-delegate-factory-class-name=io.vertx.core.logging.SLF4JLogDelegateFactory \ -Dlogback.configurationFile=/app/conf/logback.xml \ - -jar ${JAR_NAME}-${JAR_VERSION}.jar + -jar ${JAR_NAME}-${JAR_VERSION}.jar \ No newline at end of file diff --git a/pom.xml b/pom.xml index 1a30ed679..0f04c3676 100644 --- a/pom.xml +++ b/pom.xml @@ -23,7 +23,7 @@ 2.1.0 2.1.19 2.1.9 - 11.3.4-alpha-335-SNAPSHOT + 11.4.4 ${project.version} 21 21