Merge pull request eclipse-tractusx#45 from catenax-ng/main

MIW Patch Release 3.3.3 to fix critical security issues in application images and containers
51nodes · May 17, 2023 · f5a5920 · f5a5920
2 parents 4beb555 + de06807
commit f5a5920
Show file tree

Hide file tree

Showing 7 changed files with 127 additions and 127 deletions.
diff --git a/.env.example b/.env.example
@@ -79,7 +79,7 @@ WEBHOOK_SERVICE_SOCKET_TIMEOUT="30000"
 # Postgres - These must match the values inside MIW_DB_JDBC_URL and QUARKUS_DATASOURCE_JDBC_URL
 POSTGRES_USER="postgres"
 POSTGRES_PASSWORD="local_password"
-PGDATA="/data/postgres-data"
+PGDATA="/var/lib/postgresql/data"
 
 WAIT_HOSTS="local_postgres:5432"
 WAIT_HOSTS_TIMEOUT="300"

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+- Security issues regarding container images executed as root user are now executed as non-root user 
+
 ## [3.3.2] - 2023-02-24
 ### Fixed
 - Configurable log level settings with default to INFO

diff --git a/README.md b/README.md
@@ -1,8 +1,6 @@
 # Managed Identity Wallets <a id="introduction"></a>
 
-The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identity (SSI)
-readiness by providing a wallet hosting platform including a DID resolver,
-service endpoints and the company wallets itself.
+The Managed Identity Wallets (MIW) service implements the Self-Sovereign-Identity (SSI) readiness by providing a wallet hosting platform including a DID resolver,service endpoints and the company wallets itself.
 
 Technically this project is developed using the [ktor](https://ktor.io) Microservices
 framework and thus the Kotlin language. It is using [gradle](https://gradle.org/) as
@@ -12,12 +10,11 @@ it's [multi-tenant feature](https://github.com/hyperledger/aries-cloudagent-pyth
 and [JSON-LD credential](https://github.com/hyperledger/aries-cloudagent-python/blob/main/JsonLdCredentials.md)
 To support credential revocation MIW is using the revocation service within the
 [GXFS Notarization API/Service](https://gitlab.com/gaia-x/data-infrastructure-federation-services/not/notarization-service/-/tree/main/services/revocation)
-
 > **Warning**
 > This is not yet ready for production usage, as
 > [Aries Cloud Agent Python](https://github.com/hyperledger/aries-cloudagent-python)
 > does not support `did:indy` resolution yet. This disclaimer will be removed,
-> once it is available.
+> once it is available.https://img.shields.io/badge/Version-0.7.7-informational
 
 # Developer Documentation
 

diff --git a/charts/managed-identity-wallets/Chart.yaml b/charts/managed-identity-wallets/Chart.yaml
@@ -15,8 +15,8 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.7.5
-appVersion: 3.3.2
+version: 0.7.7
+appVersion: 3.3.3
 
 dependencies:
   - name: postgresql

diff --git a/charts/managed-identity-wallets/README.md b/charts/managed-identity-wallets/README.md
diff --git a/dev-assets/dev-containers/docker-compose.yml b/dev-assets/dev-containers/docker-compose.yml
@@ -9,7 +9,7 @@ services:
     env_file:
       - ../../dev.env
     volumes:
-      - postgres-data:/data/postgres-data
+      - postgres-data:/var/lib/postgresql/data
     ports:
       - "5432:5432"
 

diff --git a/gradle.properties b/gradle.properties
@@ -5,5 +5,5 @@ acapy_java_library_version=0.7.33
 kotlin.code.style=official
 kompendium_version=2.3.5
 exposed_version=0.38.2
-version=3.3.2
+version=3.3.3
 coverage_excludes=**/models/**,**/entities/**,**/Application*,**/services/IWalletService*,**/services/IAcaPyService*,**/services/AcaPyService*,**/services/IBusinessPartnerDataService*,**/services/IRevocationService*,**/services/RevocationService*