Use buildx for docker image creation (#4308) by jekkos · Pull Request #4342 · opensourcepos/opensourcepos · GitHub
Skip to content

Use buildx for docker image creation (#4308)#4342

Closed
jekkos wants to merge 5 commits into
masterfrom
arm64-docker-image
Closed

Use buildx for docker image creation (#4308)#4342
jekkos wants to merge 5 commits into
masterfrom
arm64-docker-image

Conversation

@jekkos

@jekkos jekkos commented Nov 23, 2025

Copy link
Copy Markdown
Member

No description provided.

@jekkos jekkos force-pushed the arm64-docker-image branch 2 times, most recently from 102e60e to 1d64d3a Compare December 1, 2025 21:01
@jekkos jekkos force-pushed the arm64-docker-image branch 7 times, most recently from d6193b7 to 5d85a1c Compare December 17, 2025 21:54
@jekkos jekkos force-pushed the arm64-docker-image branch from 5d85a1c to 4a825e0 Compare December 21, 2025 21:59
objecttothis
objecttothis previously approved these changes Mar 6, 2026
The docker-container driver uses moby/buildkit by default.
- Build and test ospos_test on native amd64 (avoids QEMU segfaults)
- Push multi-platform image to registry after tests pass
- Use --push flag required for docker-container driver with multiple platforms
objecttothis
objecttothis previously approved these changes Mar 8, 2026
@jekkos

jekkos commented Mar 8, 2026

Copy link
Copy Markdown
Member Author

- Add Security Advisories section with 4 published CVEs
- Include CVE ID, vulnerability description, CVSS score, publication date, fixed version, and reporter credits
- Update supported versions table to reflect current state (>= 3.4.2)
- Add link to GitHub Security Advisories page for complete list

CVEs added:
- CVE-2025-68434: CSRF leading to Admin Creation (8.8)
- CVE-2025-68147: Stored XSS in Return Policy (8.1)
- CVE-2025-66924: Stored XSS in Item Kits (7.2)
- CVE-2025-68658: Stored XSS in Company Name (4.3)
@objecttothis

Copy link
Copy Markdown
Member

@jekkos jekkos closed this Mar 11, 2026
@objecttothis objecttothis deleted the arm64-docker-image branch May 19, 2026 12:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants