From 4822ea7aa89b95371271c6ab8910a6c69ec356cd Mon Sep 17 00:00:00 2001 From: Roy Russo Date: Tue, 30 Nov 2021 18:49:35 -0500 Subject: [PATCH 1/5] Update README.md --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index d53dfb9e..3fd38b58 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,8 @@ # ElasticHQ +## This project is no longer maintained. +###It has become too time-consuming to maintain this project with Elastic as a moving target. Elastic's license changes, frequent backwards incompatibilities, and crippling of their "open source" python libs were too much to keep up with. + Simplified Monitoring and Management for ElasticSearch clusters. [![gitHub stars](https://img.shields.io/github/stars/ElasticHQ/elasticsearch-HQ.svg)](https://github.com/ElasticHQ/elasticsearch-HQ) From 9eab1ef759845ff52c4a1100e2f71e6600316b2b Mon Sep 17 00:00:00 2001 From: Roy Russo Date: Tue, 30 Nov 2021 18:49:46 -0500 Subject: [PATCH 2/5] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 3fd38b58..a066f8e0 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # ElasticHQ ## This project is no longer maintained. -###It has become too time-consuming to maintain this project with Elastic as a moving target. Elastic's license changes, frequent backwards incompatibilities, and crippling of their "open source" python libs were too much to keep up with. +### It has become too time-consuming to maintain this project with Elastic as a moving target. Elastic's license changes, frequent backwards incompatibilities, and crippling of their "open source" python libs were too much to keep up with. Simplified Monitoring and Management for ElasticSearch clusters. From 8197e21d09b1312492dcb6998a2349d73b06efc6 Mon Sep 17 00:00:00 2001 
From: Roy Russo Date: Tue, 30 Nov 2021 18:52:36 -0500 Subject: [PATCH 3/5] Update README.md --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index a066f8e0..df00c8a5 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # ElasticHQ -## This project is no longer maintained. -### It has become too time-consuming to maintain this project with Elastic as a moving target. Elastic's license changes, frequent backwards incompatibilities, and crippling of their "open source" python libs were too much to keep up with. +## This project is no longer maintained. Use at your own risk. +#### It has become too time-consuming to maintain this project with Elasticsearch acting as a moving target. Elastic's license changes, frequent backwards incompatibilities, and [crippling](https://github.com/elastic/elasticsearch-py/pull/1623) of their "open source" python libs were too much to keep up with. Simplified Monitoring and Management for ElasticSearch clusters. From 2631d5b2315cfb146fcc74d723107e904cd16c31 Mon Sep 17 00:00:00 2001 
From: cytar Date: Thu, 23 Feb 2023 10:21:29 +0100 Subject: [PATCH 4/5] =?UTF-8?q?fix=20the=20following=20image=20vulnerabili?= =?UTF-8?q?ties:=20=E2=9C=97=20Medium=20severity=20vulnerability=20found?= =?UTF-8?q?=20in=20e2fsprogs/libcom=5Ferr=20=20=20Description:=20Out-of-bo?= =?UTF-8?q?unds=20Write=20=20=20Info:=20https://snyk.io/vuln/SNYK-ALPINE37?= =?UTF-8?q?-E2FSPROGS-493456=20=20=20Introduced=20through:=20e2fsprogs/lib?= =?UTF-8?q?com=5Ferr@1.43.7-r0,=20krb5-conf/krb5-conf@1.0-r1=20=20=20From:?= =?UTF-8?q?=20e2fsprogs/libcom=5Ferr@1.43.7-r0=20=20=20From:=20krb5-conf/k?= =?UTF-8?q?rb5-conf@1.0-r1=20>=20krb5/krb5-libs@1.15.4-r0=20>=20e2fsprogs/?= =?UTF-8?q?libcom=5Ferr@1.43.7-r0=20=20=20Image=20layer:=20Introduced=20by?= =?UTF-8?q?=20your=20base=20image=20(python:3.6.8-alpine3.7)=20=20=20Fixed?= =?UTF-8?q?=20in:=201.43.7-r1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ✗ High severity vulnerability found in expat/expat Description: XML External Entity (XXE) Injection Info: https://snyk.io/vuln/SNYK-ALPINE37-EXPAT-453374 Introduced through: expat/expat@2.2.5-r0, .python-rundeps@0, python2/python2@2.7.15-r2, python3/python3@3.6.9-r1 From: expat/expat@2.2.5-r0 From: .python-rundeps@0 > expat/expat@2.2.5-r0 From: python2/python2@2.7.15-r2 > expat/expat@2.2.5-r0 and 1 more... Image layer: Introduced by your base image (python:3.6.8-alpine3.7) Fixed in: 2.2.7-r0 ✗ High severity vulnerability found in expat/expat Description: Out-of-bounds Read Info: https://snyk.io/vuln/SNYK-ALPINE37-EXPAT-489399 Introduced through: expat/expat@2.2.5-r0, .python-rundeps@0, python2/python2@2.7.15-r2, python3/python3@3.6.9-r1 From: expat/expat@2.2.5-r0 From: .python-rundeps@0 > expat/expat@2.2.5-r0 
From: python2/python2@2.7.15-r2 > expat/expat@2.2.5-r0 and 1 more... Image layer: Introduced by your base image (python:3.6.8-alpine3.7) Fixed in: 2.2.7-r1 ✗ Critical severity vulnerability found in sqlite/sqlite-libs Description: Out-of-bounds Read Info: https://snyk.io/vuln/SNYK-ALPINE37-SQLITE-458200 Introduced through: sqlite/sqlite-libs@3.25.3-r0, .python-rundeps@0, python2/python2@2.7.15-r2, python3/python3@3.6.9-r1 From: sqlite/sqlite-libs@3.25.3-r0 From: .python-rundeps@0 > sqlite/sqlite-libs@3.25.3-r0 From: python2/python2@2.7.15-r2 > sqlite/sqlite-libs@3.25.3-r0 and 1 more... Image layer: Introduced by your base image (python:3.6.8-alpine3.7) Fixed in: 3.25.3-r1 --- Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 9341cf49..1ff89f6b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,8 @@ RUN apk update && \ apk add supervisor && \ apk add --update py2-pip && \ apk add --no-cache bash && \ - apk add --no-cache --virtual .build-deps bzip2-dev gcc libc-dev libffi-dev openssl-dev python3-dev make + apk add --no-cache --virtual .build-deps bzip2-dev gcc libc-dev libffi-dev openssl-dev python3-dev make && \ + apk upgrade "expat==2.2.8-r0" # Copy project sources COPY . /src From 31c00ec2a9e46653db463a76ff2df5f0ddb3b72e Mon Sep 17 00:00:00 2001 From: cytar Date: Thu, 23 Feb 2023 10:32:08 +0100 Subject: [PATCH 5/5] use last pip version --- Dockerfile | 3 ++- README.md | 3 --- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1ff89f6b..971c826e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,8 @@ COPY . /src WORKDIR /src # Install app dependencies and create supervisord dirs -RUN pip3 install -U -r requirements.txt && \ +RUN pip3 install --upgrade pip==21.3.1 && \ + pip3 install -U -r requirements.txt && \ pip3 install gunicorn==19.7.1 && \ mkdir -p /etc/supervisor/conf.d /var/log/supervisor /var/run/supervisor 
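Review bot: The added `apk upgrade "expat==2.2.8-r0"` covers only expat, while the commit message also lists findings in libcom_err (fixed in 1.43.7-r1) and sqlite-libs (fixed in 3.25.3-r1) from the same base image, and those packages stay at their flagged revisions. An exact pin is also likely to break the build once the Alpine repository no longer serves that revision, so I would upgrade the named packages to whatever fixed revision the repository carries, `apk upgrade --no-cache expat libcom_err sqlite-libs`, with a comment above the RUN such as `# upgrade packages flagged by the image scan; drop once the base image is bumped`. The commit message attributes every finding to python:3.6.8-alpine3.7, which appears to be an end-of-life Alpine branch, so moving the FROM line to a supported tag is the durable fix, and the scan should be re-run on the built image either way. The RUN instruction starts above the hunk.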
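Review bot: The pin `pip==21.3.1` on the added first line of this RUN has no stated reason, and the commit title says "use last pip version", which a later maintainer may read as licence to unpin it. As far as I know 21.3.1 is the last pip release that supports Python 3.6, so a comment above the RUN would record that: `# pip 21.3.1: newest pip that still runs on the Python 3.6 base image`. The following `pip3 install -U -r requirements.txt` still resolves whatever versions are current at build time unless requirements.txt pins them (not visible here), so the resulting dependency set should be checked with a scan of the built image. The same commit also deletes the "no longer maintained" notice from README.md, which the title does not mention and which looks unintended.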
diff --git a/README.md b/README.md index df00c8a5..d53dfb9e 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,5 @@ # ElasticHQ -## This project is no longer maintained. Use at your own risk. -#### It has become too time-consuming to maintain this project with Elasticsearch acting as a moving target. Elastic's license changes, frequent backwards incompatibilities, and [crippling](https://github.com/elastic/elasticsearch-py/pull/1623) of their "open source" python libs were too much to keep up with. - Simplified Monitoring and Management for ElasticSearch clusters. [![gitHub stars](https://img.shields.io/github/stars/ElasticHQ/elasticsearch-HQ.svg)](https://github.com/ElasticHQ/elasticsearch-HQ)