[bitnami/reportserver] Release 4.5.0-6088-debian-11-r8 (#35101)

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
2023-05-24 18:10:35 +02:00 · 2023-05-24 18:10:35 +02:00 · 96b9c776cc
parent b2bbfe723e
commit 96b9c776cc
5 changed files with 49 additions and 25 deletions
--- a/bitnami/reportserver/4/debian-11/Dockerfile
+++ b/bitnami/reportserver/4/debian-11/Dockerfile
@ -3,12 +3,11 @@ FROM docker.io/bitnami/minideb:bullseye
 ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
 ARG TARGETARCH

-LABEL com.vmware.cp.artifact.flavor="sha256:109c7d51bd69bb6b3df71017440c1ea0699454f81fe188056c083f0b57c96ea6" \
-      org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2023-04-23T03:31:52Z" \
+LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
+      org.opencontainers.image.created="2023-05-24T14:42:39Z" \
      org.opencontainers.image.description="Application packaged by VMware, Inc" \
      org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="4.5.0-6088-debian-11-r7" \
+      org.opencontainers.image.ref.name="4.5.0-6088-debian-11-r8" \
      org.opencontainers.image.title="reportserver" \
      org.opencontainers.image.vendor="VMware, Inc." \
      org.opencontainers.image.version="4.5.0-6088"
@ -24,11 +23,11 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 RUN install_packages ca-certificates curl libaudit1 libcap-ng0 libgcc-s1 libicu67 liblzma5 libncurses6 libpam0g libssl1.1 libstdc++6 libtinfo6 libxml2 procps xmlstarlet zlib1g
 RUN mkdir -p /tmp/bitnami/pkg/cache/ && cd /tmp/bitnami/pkg/cache/ && \
    COMPONENTS=( \
-      "java-17.0.7-7-1-linux-${OS_ARCH}-debian-11" \
-      "tomcat-9.0.74-1-linux-${OS_ARCH}-debian-11" \
-      "mysql-client-10.11.2-5-linux-${OS_ARCH}-debian-11" \
+      "java-17.0.7-7-2-linux-${OS_ARCH}-debian-11" \
+      "tomcat-9.0.75-1-linux-${OS_ARCH}-debian-11" \
+      "mysql-client-10.11.3-1-linux-${OS_ARCH}-debian-11" \
      "reportserver-4.5.0-6088-1-linux-${OS_ARCH}-debian-11" \
-      "render-template-1.0.5-5-linux-${OS_ARCH}-debian-11" \
+      "render-template-1.0.5-6-linux-${OS_ARCH}-debian-11" \
    ) && \
    for COMPONENT in "${COMPONENTS[@]}"; do \
      if [ ! -f "${COMPONENT}.tar.gz" ]; then \
--- a/bitnami/reportserver/4/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
+++ b/bitnami/reportserver/4/debian-11/prebuildfs/opt/bitnami/.bitnami_components.json
@ -3,19 +3,19 @@
        "arch": "amd64",
        "distro": "debian-11",
        "type": "NAMI",
-        "version": "17.0.7-7-1"
+        "version": "17.0.7-7-2"
    },
    "mysql-client": {
        "arch": "amd64",
        "distro": "debian-11",
        "type": "NAMI",
-        "version": "10.11.2-5"
+        "version": "10.11.3-1"
    },
    "render-template": {
        "arch": "amd64",
        "distro": "debian-11",
        "type": "NAMI",
-        "version": "1.0.5-5"
+        "version": "1.0.5-6"
    },
    "reportserver": {
        "arch": "amd64",
@ -27,6 +27,6 @@
        "arch": "amd64",
        "distro": "debian-11",
        "type": "NAMI",
-        "version": "9.0.74-1"
+        "version": "9.0.75-1"
    }
 }
--- a/bitnami/reportserver/4/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh
+++ b/bitnami/reportserver/4/debian-11/prebuildfs/opt/bitnami/scripts/libos.sh
@ -412,11 +412,16 @@ generate_random_string() {
    ascii)
        filter="[:print:]"
        ;;
+    numeric)
+        filter="0-9"
+        ;;
    alphanumeric)
        filter="a-zA-Z0-9"
        ;;
-    numeric)
-        filter="0-9"
+    alphanumeric+special|special+alphanumeric)
+        # Limit variety of special characters, so there is a higher chance of containing more alphanumeric characters
+        # Special characters are harder to write, and it could impact the overall UX if most passwords are too complex
+        filter='a-zA-Z0-9:@.,/+!='
        ;;
    *)
        echo "Invalid type ${type}" >&2
@ -647,4 +652,4 @@ run_chroot() {
    else
        chroot --userspec="$userspec" / bash -c "cd ${cwd}; export HOME=${homedir}; exec \"\$@\"" -- "$@"
    fi
-}
+}
--- a/bitnami/reportserver/4/debian-11/rootfs/opt/bitnami/scripts/libtomcat.sh
+++ b/bitnami/reportserver/4/debian-11/rootfs/opt/bitnami/scripts/libtomcat.sh
@ -132,6 +132,24 @@ tomcat_enable_ajp() {
    fi
 }

+########################
+# Enable a specific Tomcat application for public access
+# Globals:
+#   TOMCAT_*
+# Arguments:
+#   $1 - Tomcat application to enable
+# Returns:
+#   None
+#########################
+tomcat_enable_application() {
+    local application="${1:?missing application}"
+    # Access control is configured in the application's context.xml with a Valve element
+    # context.xml docs: https://tomcat.apache.org/tomcat-9.0-doc/config/context.html
+    # Valve docs for Access Control: https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Control
+    [[ ! -f "${TOMCAT_WEBAPPS_DIR}/${application}/META-INF/context.xml" ]] && return
+    xmlstarlet ed -S --inplace --update '//Valve/@allow' --value '\d+\.\d+\.\d+\.\d+' "${TOMCAT_WEBAPPS_DIR}/${application}/META-INF/context.xml"
+}
+
 ########################
 # Ensure Tomcat is initialized
 # Globals:
@ -183,20 +201,20 @@ EOF
        if is_boolean_yes "$TOMCAT_INSTALL_DEFAULT_WEBAPPS"; then
            info "Deploying Tomcat from scratch"
            cp -rp "$TOMCAT_BASE_DIR"/webapps_default/* "$TOMCAT_WEBAPPS_DIR"
+
+            # These applications have been enabled for historical reasons, and do not pose any security threat
+            tomcat_enable_application examples
+            tomcat_enable_application docs
+            if is_boolean_yes "$TOMCAT_ALLOW_REMOTE_MANAGEMENT"; then
+                # These applications should not be enabled by default, for security reasons
+                info "Enabling remote connections for manager and host-manager applications"
+                tomcat_enable_application manager
+                tomcat_enable_application host-manager
+            fi
        else
            info "Skipping deployment of default webapps"
        fi

-        # Access control is configured in the application's context.xml with a Valve element
-        # context.xml docs: https://tomcat.apache.org/tomcat-9.0-doc/config/context.html
-        # Valve docs for Access Control: https://tomcat.apache.org/tomcat-9.0-doc/config/valve.html#Access_Control
-        if is_boolean_yes "$TOMCAT_ALLOW_REMOTE_MANAGEMENT"; then
-            info "Enabling remote connections for manager and host-manager applications"
-             for application in manager host-manager examples docs; do
-                [[ -f "${TOMCAT_WEBAPPS_DIR}/${application}/META-INF/context.xml" ]] || continue
-                xmlstarlet ed -S --inplace --update '//Valve/@allow' --value '\d+\.\d+\.\d+\.\d+' "${TOMCAT_WEBAPPS_DIR}/${application}/META-INF/context.xml"
-            done
-        fi
    fi
 }

--- a/bitnami/reportserver/README.md
+++ b/bitnami/reportserver/README.md
@ -25,6 +25,8 @@ docker-compose up -d
 - All Bitnami images available in Docker Hub are signed with [Docker Content Trust (DCT)](https://docs.docker.com/engine/security/trust/content_trust/). You can use `DOCKER_CONTENT_TRUST=1` to verify the integrity of the images.
 - Bitnami container images are released on a regular basis with the latest distribution packages available.

+Looking to use ReportServer Community in production? Try [VMware Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
 ## Why use a non-root container?

 Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers [in our docs](https://docs.bitnami.com/tutorials/work-with-non-root-containers/).