feat: use Alpine 3.18 base image to mitigate CVE-2023-1255

Dockerfile

@@ -7,7 +7,7 @@ COPY . .
 ARG TARGETOS TARGETARCH
 RUN CGO_ENABLED=0 GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o webhook -ldflags '-w -extldflags "-static"' .
 
-FROM alpine:3.17.3
+FROM alpine:3.18
 RUN apk add --no-cache ca-certificates
 COPY --from=build /workspace/webhook /usr/local/bin/webhook
 ENTRYPOINT ["webhook"]

Makefile

@@ -2,7 +2,7 @@ OS ?= $(shell go env GOOS)
 ARCH ?= $(shell go env GOARCH)
 
 IMAGE_NAME := "elvino76/cert-manager-webhook-netcup"
-IMAGE_TAG := "1.0.14"
+IMAGE_TAG := "1.0.15"
 
 OUT := $(shell pwd)/_out
 

charts/cert-manager-webhook-netcup-1.0.15.tgz.prov

@@ -0,0 +1,52 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+annotations:
+  artifacthub.io/changes: |
+    - kind: added
+      description: "use Alpine 3.18 base image"
+    - kind: fixed
+      description: "upgrade base image to mitigate openssl CVE-2023-1255"
+  artifacthub.io/containsSecurityUpdates: "true"
+  artifacthub.io/license: Apache-2.0
+  artifacthub.io/maintainers: |
+    - name: Alex Ellwein
+      email: [email protected]
+  artifacthub.io/signKey: |
+    fingerprint: "F91914CE96676E209A8240290EEF2777053A7D1A"
+    url: https://keybase.io/aellwein/pgp_keys.asc
+apiVersion: v1
+appVersion: 1.0.15
+description: A Helm chart for cert manager webhook solver for ACME DNS01 challenge
+  via Netcup
+home: https://github.com/aellwein/cert-manager-webhook-netcup
+icon: https://raw.githubusercontent.com/cert-manager/cert-manager/master/logo/logo.png
+keywords:
+- - cert-manager
+- - webhook
+- - letsencrypt
+- - netcup
+- - ACME
+- - DNS01
+name: cert-manager-webhook-netcup
+version: 1.0.15
+
+...
+files:
+  ./cert-manager-webhook-netcup-1.0.15.tgz: sha256:9004dfab480013735a304222d6cb258e1abf4ce6f2d91d6ab9079b6a143dbc6b
+-----BEGIN PGP SIGNATURE-----
+
+iQIzBAEBCAAdFiEE1HATsJzIi3L2TkHNV/husVzFn5YFAmRdLocACgkQV/husVzF
+n5awsA/+LS2KmvBE8ggdVjHQPP4CbFYWnZVFQ8iybAVvueQS0XD6wjH/kJmIYtlA
+BhKVEoAmEY2POACw0r9qjql+KMleyRwGPQ1nafO9dUokjtecHI8CRnsXgWM9k2wU
+kQwvwUfGK47bLXfKeexAp2kcv5YfXOxgJgtm2UKLWc12lLmHwRWeFvkFT5D0ifUL
+qVLC/ruMiWrYmz31BuoMuBCZbuY3VT2a1vfeBNQn9lEIJuQUtLXOWvbID4ZW2a0n
+5rN0L7Xf9KZ+gMqu7a27Fb/SrtDfASsNDza75eYLay7xpN0EOd4ab6+PQm5TqJIw
+025D+EqdcXUHSIptYqGXjWvVKe5S5JQ9PZFZffAlDjO38j8+Ge3prww5AVL7jWR3
+oxPSb+19utP0dCoVV76+L2S2y58YQ4AJ3GTzJSA9BcOrS66dkGBNUSwHqGZX1Q3U
+lKahel1j7zvf+WAO60U4r7GGM0GPKihoXSSzX1Oh8d7u9azw6OSY/uTzps0nfQKn
+CuqGpxQ1AhWVAuX19edW398VqbZERdIwuHPzaT3I8Y463XV/vr2mnK4/+N3zQc7u
+oNXerXDNAF3FYviEKNJWhTme+Nzd6AGwt41FfQC9pQyxfIAYhidFYY3BDD0d0mJP
+9nXdys3v+ct9NQsW71Hfs7zOlVmlX/FheG6IGtuJZ33frIbXdKo=
+=hPXK
+-----END PGP SIGNATURE-----

charts/index.yaml

@@ -1,6 +1,39 @@
 apiVersion: v1
 entries:
   cert-manager-webhook-netcup:
+  - annotations:
+      artifacthub.io/changes: |
+        - kind: added
+          description: "use Alpine 3.18 base image"
+        - kind: fixed
+          description: "upgrade base image to mitigate openssl CVE-2023-1255"
+      artifacthub.io/containsSecurityUpdates: "true"
+      artifacthub.io/license: Apache-2.0
+      artifacthub.io/maintainers: |
+        - name: Alex Ellwein
+          email: [email protected]
+      artifacthub.io/signKey: |
+        fingerprint: "F91914CE96676E209A8240290EEF2777053A7D1A"
+        url: https://keybase.io/aellwein/pgp_keys.asc
+    apiVersion: v1
+    appVersion: 1.0.15
+    created: "2023-05-11T20:06:17.515664+02:00"
+    description: A Helm chart for cert manager webhook solver for ACME DNS01 challenge
+      via Netcup
+    digest: 9004dfab480013735a304222d6cb258e1abf4ce6f2d91d6ab9079b6a143dbc6b
+    home: https://github.com/aellwein/cert-manager-webhook-netcup
+    icon: https://raw.githubusercontent.com/cert-manager/cert-manager/master/logo/logo.png
+    keywords:
+    - cert-manager
+    - webhook
+    - letsencrypt
+    - netcup
+    - ACME
+    - DNS01
+    name: cert-manager-webhook-netcup
+    urls:
+    - cert-manager-webhook-netcup-1.0.15.tgz
+    version: 1.0.15
   - annotations:
       artifacthub.io/changes: |
         - kind: added
@@ -19,7 +52,7 @@ entries:
         url: https://keybase.io/aellwein/pgp_keys.asc
     apiVersion: v1
     appVersion: 1.0.14
-    created: "2023-04-05T15:44:03.596025+02:00"
+    created: "2023-05-11T20:06:17.515422+02:00"
     description: A Helm chart for cert manager webhook solver for ACME DNS01 challenge
       via Netcup
     digest: 5ae3d345efadfd55f8b3c154fd81f2ccd95896bed24ee918c9d71d495021a6b5
@@ -52,7 +85,7 @@ entries:
         url: https://keybase.io/aellwein/pgp_keys.asc
     apiVersion: v1
     appVersion: 1.0.13
-    created: "2023-04-05T15:44:03.595749+02:00"
+    created: "2023-05-11T20:06:17.515142+02:00"
     description: A Helm chart for cert manager webhook solver for ACME DNS01 challenge
       via Netcup
     digest: 68f71804f042cf7d2a6a2470cb4dfb8c48c26389f07f66e266ae9a0619a15c21
@@ -112,7 +145,7 @@ entries:
           email: [email protected]
     apiVersion: v1
     appVersion: 1.0.12
-    created: "2023-04-05T15:44:03.595449+02:00"
+    created: "2023-05-11T20:06:17.514915+02:00"
     description: A Helm chart for cert manager webhook solver for ACME DNS01 challenge
       via Netcup
     digest: bede761557c38f373c3923f9d9128f77c8fc32d2b1d79f1fda4cb548c031f62d
@@ -139,7 +172,7 @@ entries:
           email: [email protected]
     apiVersion: v1
     appVersion: 1.0.11
-    created: "2023-04-05T15:44:03.595159+02:00"
+    created: "2023-05-11T20:06:17.514648+02:00"
     description: A Helm chart for cert manager webhook solver for ACME DNS01 challenge
       via Netcup
     digest: aa66de90af78012c0521d3ec48265746ee97f26640248e4b68328331c4ce6f2d
@@ -167,7 +200,7 @@ entries:
           email: [email protected]
     apiVersion: v1
     appVersion: 1.0.10
-    created: "2023-04-05T15:44:03.594879+02:00"
+    created: "2023-05-11T20:06:17.5144+02:00"
     description: A Helm chart for cert manager webhook solver for ACME DNS01 challenge
       via Netcup
     digest: f6ec08186bf14c204eef0971e9c84545b5a8bb3d455d7cdcca488ddc71830695
@@ -196,7 +229,7 @@ entries:
           email: [email protected]
     apiVersion: v1
     appVersion: 1.0.9
-    created: "2023-04-05T15:44:03.598191+02:00"
+    created: "2023-05-11T20:06:17.517446+02:00"
     description: A Helm chart for cert manager webhook solver for ACME DNS01 challenge
       via Netcup
     digest: d3b6eab27e21af3ae6fb5473e4b0e5db8d75c95bf5ee9b7f1b2e25e98b488bd3
@@ -215,7 +248,7 @@ entries:
     version: 1.0.9
   - apiVersion: v1
     appVersion: 1.0.8
-    created: "2023-04-05T15:44:03.59762+02:00"
+    created: "2023-05-11T20:06:17.517135+02:00"
     description: Allow cert-manager to solve DNS challenges using Netcup DNS API
     digest: 4b1c49ef9ab1c57428cff35824dd7cb13f187af74fa7dcd560dd788aa0dce892
     name: cert-manager-webhook-netcup
@@ -224,7 +257,7 @@ entries:
     version: 1.0.8
   - apiVersion: v1
     appVersion: 1.0.7
-    created: "2023-04-05T15:44:03.59686+02:00"
+    created: "2023-05-11T20:06:17.516919+02:00"
     description: Allow cert-manager to solve DNS challenges using Netcup DNS API
     digest: 0d262079f7326e41020df239298f5106bebaf9d797a9ce61550caa6457237a69
     name: cert-manager-webhook-netcup
@@ -233,7 +266,7 @@ entries:
     version: 1.0.7
   - apiVersion: v1
     appVersion: 1.0.6
-    created: "2023-04-05T15:44:03.596661+02:00"
+    created: "2023-05-11T20:06:17.516498+02:00"
     description: Allow cert-manager to solve DNS challenges using Netcup DNS API
     digest: f1eb0f11758d480a6fa187a54cdca8669b1ccdb75f022b53d84253723827b7c7
     name: cert-manager-webhook-netcup
@@ -242,7 +275,7 @@ entries:
     version: 1.0.6
   - apiVersion: v1
     appVersion: 1.0.5
-    created: "2023-04-05T15:44:03.596469+02:00"
+    created: "2023-05-11T20:06:17.516045+02:00"
     description: Allow cert-manager to solve DNS challenges using Netcup DNS API
     digest: 24df7547c2509b06972440c318a22e7e62c0c00c55a796b2c71b70c2e6a1f9bf
     name: cert-manager-webhook-netcup
@@ -251,11 +284,11 @@ entries:
     version: 1.0.5
   - apiVersion: v1
     appVersion: 1.0.3
-    created: "2023-04-05T15:44:03.596247+02:00"
+    created: "2023-05-11T20:06:17.515853+02:00"
     description: Allow cert-manager to solve DNS challenges using Netcup DNS API
     digest: 03f7f124bb6d76a606a9ed598466b1f4aa422c4406bde52cfff1202a209cd9fd
     name: cert-manager-webhook-netcup
     urls:
     - cert-manager-webhook-netcup-1.0.3.tgz
     version: 1.0.3
-generated: "2023-04-05T15:44:03.594464+02:00"
+generated: "2023-05-11T20:06:17.514043+02:00"

deploy/cert-manager-webhook-netcup/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
-appVersion: "1.0.14"
-version: 1.0.14
+appVersion: "1.0.15"
+version: 1.0.15
 description: A Helm chart for cert manager webhook solver for ACME DNS01 challenge via Netcup
 name: cert-manager-webhook-netcup
 home: https://github.com/aellwein/cert-manager-webhook-netcup
@@ -20,11 +20,9 @@ annotations:
   artifacthub.io/containsSecurityUpdates: "true"
   artifacthub.io/changes: |
     - kind: added
-      description: "use Go 1.20.3 for builds"
+      description: "use Alpine 3.18 base image"
     - kind: fixed
-      description: "upgrade base image to mitigate openssl CVE-2023-0464"
-    - kind: fixed
-      description: "upgrade base image to mitigate openssl CVE-2023-0465"
+      description: "upgrade base image to mitigate openssl CVE-2023-1255"
   artifacthub.io/signKey: |
     fingerprint: "F91914CE96676E209A8240290EEF2777053A7D1A"
     url: https://keybase.io/aellwein/pgp_keys.asc

deploy/cert-manager-webhook-netcup/values.yaml

@@ -15,7 +15,7 @@ certManager:
 
 image:
   repository: elvino76/cert-manager-webhook-netcup
-  tag: 1.0.14
+  tag: 1.0.15
   # sha hash can be used to specify image version, instead of tag
   hash: ""
   pullPolicy: IfNotPresent