fix: use the 'tar' filter to remove warnings #2


davidfestal

Description

Since recently on both docker images, which have been updated, the following warning is displayed in the initContainer logs during dynamic plugins installation:

==> Extracting package archive /dynamic-plugins-root/janus-idp-backstage-plugin-topology-1.16.4.tgz
/usr/lib64/python3.9/tarfile.py:2239: RuntimeWarning: The default behavior of tarfile extraction has been changed to disallow common exploits (including CVE-2007-4559). By default, absolute/parent paths are disallowed and some mode bits are cleared. See https://access.redhat.com/articles/7004769 for more details.

This is because a new filter option has been added in the Python tar library, whose default value changes the default behavior of the library.

Explicitly setting this filter option to tar (which is the new default) should remove the warning from the logs.

Which issue(s) does this PR fix

No issue

PR acceptance criteria

Please make sure that the following steps are complete:

  • GitHub Actions are completed and successful
  • Unit Tests are updated and passing
  • E2E Tests are updated and passing
  • Documentation is updated if necessary (requirement for new features)
  • Add a screenshot if the change is UX/UI related

How to test changes / Special notes to the reviewer

davidfestal and others added 3 commits November 13, 2023 16:53
in order to avoid triggering a zip-bomb error during installation
for plugins delivered as part of the showcase docker image.

Signed-off-by: David Festal <[email protected]>
* update OIDC sign in page title

* chore: add changeset

---------

Co-authored-by: Tomas Kral <[email protected]>