From 834d107ee8430ae5683253aea596931883c0b4ac Mon Sep 17 00:00:00 2001 From: Jon Clausen Date: Wed, 6 Aug 2025 11:36:05 -0400 Subject: [PATCH 1/4] snapshot changelog update [ci skip] --- changelog.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/changelog.md b/changelog.md index a41caff..718e546 100644 --- a/changelog.md +++ b/changelog.md @@ -7,6 +7,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ---- +## [Unreleased] + ## [6.2.1/3.13.6] - 2025-08-06 ### Changed From fe398b041a7efd04ba24b358a1158d5101b3003c Mon Sep 17 00:00:00 2001 From: Jon Clausen Date: Wed, 6 Aug 2025 11:54:30 -0400 Subject: [PATCH 2/4] add package updates to all dependency installs --- build/util/alpine/install-dependencies.sh | 33 ++++++++++++----------- build/util/debian/install-dependencies.sh | 7 ++++- build/util/ubi9/install-dependencies.sh | 7 +++++ 3 files changed, 31 insertions(+), 16 deletions(-) diff --git a/build/util/alpine/install-dependencies.sh b/build/util/alpine/install-dependencies.sh index 82a6d67..7e3c029 100755 --- a/build/util/alpine/install-dependencies.sh +++ b/build/util/alpine/install-dependencies.sh @@ -1,18 +1,21 @@ #!/bin/sh set -e -apk update && apk add curl \ - jq \ - bash \ - openssl \ - libgcc \ - libstdc++ \ - libx11 \ - glib \ - libxrender \ - libxext \ - libintl \ - shadow \ - fontconfig \ - && rm -f /var/cache/apk/* - \ No newline at end of file +apk update + +apk upgrade + + apk add curl \ + jq \ + bash \ + openssl \ + libgcc \ + libstdc++ \ + libx11 \ + glib \ + libxrender \ + libxext \ + libintl \ + shadow \ + fontconfig \ + && rm -f /var/cache/apk/* diff --git a/build/util/debian/install-dependencies.sh b/build/util/debian/install-dependencies.sh index 079a06c..44bd2bf 100755 --- a/build/util/debian/install-dependencies.sh +++ b/build/util/debian/install-dependencies.sh @@ -1,7 +1,12 @@ #!/bin/sh set -e -apt-get update && apt-get install --assume-yes \ +apt-get update + +# Upgrade all packages +apt-get -y upgrade + +apt-get install --assume-yes \ apt-utils \ ca-certificates \ curl \ diff --git a/build/util/ubi9/install-dependencies.sh b/build/util/ubi9/install-dependencies.sh index 2174a6d..771353a 100755 --- a/build/util/ubi9/install-dependencies.sh +++ b/build/util/ubi9/install-dependencies.sh @@ -1,6 +1,13 @@ #!/bin/sh set -e +microdnf upgrade \ + --refresh \ + --best \ + --nodocs \ + --noplugins \ + --setopt=install_weak_deps=0 + microdnf install -y \ jq \ procps \ From d56577527486769ee30697fd510e8f7bd7df7f22 Mon Sep 17 00:00:00 2001 From: Jon Clausen Date: Fri, 8 Aug 2025 10:51:47 -0400 Subject: [PATCH 3/4] update scans to only report if fixes are available --- .github/workflows/scans.yml | 1 + build/util/debian/install-dependencies.sh | 2 ++ changelog.md | 5 +++++ 3 files changed, 8 insertions(+) diff --git a/.github/workflows/scans.yml b/.github/workflows/scans.yml index c0e9914..2d5cf6a 100644 --- a/.github/workflows/scans.yml +++ b/.github/workflows/scans.yml @@ -60,6 +60,7 @@ jobs: severity-cutoff: "high" fail-build: false by-cve: "true" + only-fixed: true - name: Upload Anchore Report uses: github/codeql-action/upload-sarif@v3 diff --git a/build/util/debian/install-dependencies.sh b/build/util/debian/install-dependencies.sh index 44bd2bf..c802606 100755 --- a/build/util/debian/install-dependencies.sh +++ b/build/util/debian/install-dependencies.sh @@ -6,6 +6,8 @@ apt-get update # Upgrade all packages apt-get -y upgrade +apt-get autoremove -y + apt-get install --assume-yes \ apt-utils \ ca-certificates \ diff --git a/changelog.md b/changelog.md index 718e546..ea770ce 100644 --- a/changelog.md +++ b/changelog.md @@ -9,6 +9,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Changed + +- Add pre-dependendency install upgrades of packages to ensure latest security patches are applied +- + ## [6.2.1/3.13.6] - 2025-08-06 ### Changed From 92d9c272a2c9bc02518b2519c1a46f1ff75b822c Mon Sep 17 00:00:00 2001 From: Lucas Wallin Date: Sat, 20 Sep 2025 19:08:50 +1000 Subject: [PATCH 4/4] bump Adobe Coldfusion versions in Dockerfiles and changelog --- builds/alpine/Adobe2021.Dockerfile | 2 +- builds/alpine/Adobe2023.Dockerfile | 2 +- builds/alpine/Adobe2025.Dockerfile | 2 +- builds/debian/Adobe2021.Dockerfile | 2 +- builds/debian/Adobe2023.Dockerfile | 2 +- builds/debian/Adobe2025.Dockerfile | 2 +- builds/ubi9/Adobe2021.Dockerfile | 2 +- builds/ubi9/Adobe2023.Dockerfile | 2 +- builds/ubi9/Adobe2025.Dockerfile | 2 +- changelog.md | 9 ++++++++- 10 files changed, 17 insertions(+), 10 deletions(-) diff --git a/builds/alpine/Adobe2021.Dockerfile b/builds/alpine/Adobe2021.Dockerfile index 5baeb61..3e32069 100644 --- a/builds/alpine/Adobe2021.Dockerfile +++ b/builds/alpine/Adobe2021.Dockerfile @@ -5,7 +5,7 @@ LABEL maintainer "Jon Clausen " LABEL repository "https://github.com/Ortus-Solutions/docker-commandbox" #Hard Code our engine environment -ENV BOX_SERVER_APP_CFENGINE adobe@2021.0.20+330407 +ENV BOX_SERVER_APP_CFENGINE adobe@2021.0.22+330451 # WARM UP THE SERVER RUN ${BUILD_DIR}/util/warmup-server.sh \ No newline at end of file diff --git a/builds/alpine/Adobe2023.Dockerfile b/builds/alpine/Adobe2023.Dockerfile index 44d2069..5ad0ea4 100644 --- a/builds/alpine/Adobe2023.Dockerfile +++ b/builds/alpine/Adobe2023.Dockerfile @@ -5,7 +5,7 @@ LABEL maintainer "Jon Clausen " LABEL repository "https://github.com/Ortus-Solutions/docker-commandbox" #Hard Code our engine environment -ENV BOX_SERVER_APP_CFENGINE adobe@2023.0.14+330784 +ENV BOX_SERVER_APP_CFENGINE adobe@2023.0.16+330828 # WARM UP THE SERVER RUN ${BUILD_DIR}/util/warmup-server.sh \ No newline at end of file diff --git a/builds/alpine/Adobe2025.Dockerfile b/builds/alpine/Adobe2025.Dockerfile index 5b31126..91d07b0 100644 --- a/builds/alpine/Adobe2025.Dockerfile +++ b/builds/alpine/Adobe2025.Dockerfile @@ -6,7 +6,7 @@ LABEL repository "https://github.com/Ortus-Solutions/docker-commandbox" #Hard Code our engine environment -ENV BOX_SERVER_APP_CFENGINE adobe@2025.0.02+331451 +ENV BOX_SERVER_APP_CFENGINE adobe@2025.0.04+331512 # WARM UP THE SERVER RUN ${BUILD_DIR}/util/warmup-server.sh \ No newline at end of file diff --git a/builds/debian/Adobe2021.Dockerfile b/builds/debian/Adobe2021.Dockerfile index 221f91a..8578a8d 100644 --- a/builds/debian/Adobe2021.Dockerfile +++ b/builds/debian/Adobe2021.Dockerfile @@ -5,7 +5,7 @@ LABEL maintainer "Jon Clausen " LABEL repository "https://github.com/Ortus-Solutions/docker-commandbox" #Hard Code our engine environment -ENV BOX_SERVER_APP_CFENGINE adobe@2021.0.20+330407 +ENV BOX_SERVER_APP_CFENGINE adobe@2021.0.22+330451 # WARM UP THE SERVER RUN ${BUILD_DIR}/util/warmup-server.sh \ No newline at end of file diff --git a/builds/debian/Adobe2023.Dockerfile b/builds/debian/Adobe2023.Dockerfile index 6fcc0bf..3b99161 100644 --- a/builds/debian/Adobe2023.Dockerfile +++ b/builds/debian/Adobe2023.Dockerfile @@ -5,7 +5,7 @@ LABEL maintainer "Jon Clausen " LABEL repository "https://github.com/Ortus-Solutions/docker-commandbox" #Hard Code our engine environment -ENV BOX_SERVER_APP_CFENGINE adobe@2023.0.14+330784 +ENV BOX_SERVER_APP_CFENGINE adobe@2023.0.16+330828 # WARM UP THE SERVER RUN ${BUILD_DIR}/util/warmup-server.sh \ No newline at end of file diff --git a/builds/debian/Adobe2025.Dockerfile b/builds/debian/Adobe2025.Dockerfile index 39a335b..651f0e5 100644 --- a/builds/debian/Adobe2025.Dockerfile +++ b/builds/debian/Adobe2025.Dockerfile @@ -6,7 +6,7 @@ LABEL repository "https://github.com/Ortus-Solutions/docker-commandbox" #Hard Code our engine environment -ENV BOX_SERVER_APP_CFENGINE adobe@2025.0.02+331451 +ENV BOX_SERVER_APP_CFENGINE adobe@2025.0.04+331512 # WARM UP THE SERVER RUN ${BUILD_DIR}/util/warmup-server.sh \ No newline at end of file diff --git a/builds/ubi9/Adobe2021.Dockerfile b/builds/ubi9/Adobe2021.Dockerfile index 0cd28e8..1978a1b 100644 --- a/builds/ubi9/Adobe2021.Dockerfile +++ b/builds/ubi9/Adobe2021.Dockerfile @@ -5,7 +5,7 @@ LABEL maintainer "Jon Clausen " LABEL repository "https://github.com/Ortus-Solutions/docker-commandbox" #Hard Code our engine environment -ENV BOX_SERVER_APP_CFENGINE adobe@2021.0.20+330407 +ENV BOX_SERVER_APP_CFENGINE adobe@2021.0.22+330451 # WARM UP THE SERVER RUN ${BUILD_DIR}/util/warmup-server.sh \ No newline at end of file diff --git a/builds/ubi9/Adobe2023.Dockerfile b/builds/ubi9/Adobe2023.Dockerfile index 4abc5fe..e9ca8a9 100644 --- a/builds/ubi9/Adobe2023.Dockerfile +++ b/builds/ubi9/Adobe2023.Dockerfile @@ -5,7 +5,7 @@ LABEL maintainer "Jon Clausen " LABEL repository "https://github.com/Ortus-Solutions/docker-commandbox" #Hard Code our engine environment -ENV BOX_SERVER_APP_CFENGINE adobe@2023.0.14+330784 +ENV BOX_SERVER_APP_CFENGINE adobe@2023.0.16+330828 # WARM UP THE SERVER RUN ${BUILD_DIR}/util/warmup-server.sh \ No newline at end of file diff --git a/builds/ubi9/Adobe2025.Dockerfile b/builds/ubi9/Adobe2025.Dockerfile index 9d45de3..3ad79df 100644 --- a/builds/ubi9/Adobe2025.Dockerfile +++ b/builds/ubi9/Adobe2025.Dockerfile @@ -6,7 +6,7 @@ LABEL repository "https://github.com/Ortus-Solutions/docker-commandbox" #Hard Code our engine environment -ENV BOX_SERVER_APP_CFENGINE adobe@2025.0.02+331451 +ENV BOX_SERVER_APP_CFENGINE adobe@2025.0.04+331512 # WARM UP THE SERVER RUN ${BUILD_DIR}/util/warmup-server.sh \ No newline at end of file diff --git a/changelog.md b/changelog.md index ea770ce..871e8cb 100644 --- a/changelog.md +++ b/changelog.md @@ -12,7 +12,14 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Changed - Add pre-dependendency install upgrades of packages to ensure latest security patches are applied -- + +## [6.2.1/3.13.7] - 2025-09-20 + +### Changed + +- Adobe Coldfusion 2021 updated to `2021.0.22+330451` +- Adobe Coldfusion 2023 updated to `2023.0.16+330828` +- Adobe Coldfusion 2025 updated to `2025.0.04+331512` ## [6.2.1/3.13.6] - 2025-08-06