Commit released Helm Chart and docs for TrueCharts

Signed-off-by: TrueCharts-Bot <bot@truecharts.org>
This commit is contained in:
TrueCharts-Bot 2021-12-17 14:00:55 +00:00
parent 9d19dd0d64
commit 43171d2bb3
19 changed files with 214 additions and 2303 deletions

View File

@ -1,6 +1,20 @@
# Changelog<br>
<a name="tdarr-node-1.0.26"></a>
### [tdarr-node-1.0.26](https://github.com/truecharts/apps/compare/tdarr-node-1.0.25...tdarr-node-1.0.26) (2021-12-17)
#### Chore
* App-Icon Organization ([#1539](https://github.com/truecharts/apps/issues/1539))
* update docker general non-major
#### Fix
* app needs r/w access to rootfs ([#1549](https://github.com/truecharts/apps/issues/1549))
<a name="tdarr-node-1.0.25"></a>
### [tdarr-node-1.0.25](https://github.com/truecharts/apps/compare/tdarr-node-1.0.24...tdarr-node-1.0.25) (2021-12-14)

View File

@ -19,7 +19,7 @@ You will, however, be able to use all values referenced in the common chart here
| env.serverPort | int | `8266` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/tdarr_node"` | |
| image.tag | string | `"v2.00.12@sha256:79b1211a1eefc564724935d532b6b90904d67efc9d8a238873e7156aa70f2f4a"` | |
| image.tag | string | `"v2.00.12@sha256:aaacfe9159377a03013ef112e175586a5c2b64eadd2d51412bd73ac6469a1a81"` | |
| persistence.configs.enabled | bool | `true` | |
| persistence.configs.mountPath | string | `"/app/configs"` | |
| persistence.logs.enabled | bool | `true` | |

File diff suppressed because one or more lines are too long

View File

@ -1,6 +1,20 @@
# Changelog<br>
<a name="tdarr-1.0.26"></a>
### [tdarr-1.0.26](https://github.com/truecharts/apps/compare/tdarr-1.0.25...tdarr-1.0.26) (2021-12-17)
#### Chore
* App-Icon Organization ([#1539](https://github.com/truecharts/apps/issues/1539))
* update docker general non-major
#### Fix
* app needs r/w access to rootfs ([#1549](https://github.com/truecharts/apps/issues/1549))
<a name="tdarr-1.0.25"></a>
### [tdarr-1.0.25](https://github.com/truecharts/apps/compare/tdarr-1.0.24...tdarr-1.0.25) (2021-12-14)

View File

@ -17,7 +17,7 @@ You will, however, be able to use all values referenced in the common chart here
| env.webUIPort | int | `8265` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/tdarr"` | |
| image.tag | string | `"v2.00.12@sha256:5c3f4b038b5a59614ab1dca605894e85fe809f9fc08ffb478ab8bcc1a8cdf057"` | |
| image.tag | string | `"v2.00.12@sha256:bcab55c22183072ae0acdac9b3348cb28daaa77dade55c51f4ee879801895760"` | |
| persistence.configs.enabled | bool | `true` | |
| persistence.configs.mountPath | string | `"/app/configs"` | |
| persistence.logs.enabled | bool | `true` | |

File diff suppressed because one or more lines are too long

View File

@ -1,6 +1,19 @@
# Changelog<br>
<a name="paperless-ng-0.0.4"></a>
### [paperless-ng-0.0.4](https://github.com/truecharts/apps/compare/paperless-ng-0.0.3...paperless-ng-0.0.4) (2021-12-17)
#### Chore
* App-Icon Organization ([#1539](https://github.com/truecharts/apps/issues/1539))
#### Fix
* app needs r/w access to rootfs ([#1549](https://github.com/truecharts/apps/issues/1549))
<a name="paperless-ng-0.0.3"></a>
### [paperless-ng-0.0.3](https://github.com/truecharts/apps/compare/paperless-ng-0.0.2...paperless-ng-0.0.3) (2021-12-14)

View File

@ -17,9 +17,12 @@ You will, however, be able to use all values referenced in the common chart here
| image.tag | string | `"v1.5.0"` | |
| persistence.config.enabled | bool | `true` | |
| persistence.config.mountPath | string | `"/config"` | |
| persistence.data.enabled | bool | `true` | |
| persistence.data.mountPath | string | `"/data"` | |
| persistence.varrun.enabled | bool | `true` | |
| podSecurityContext.runAsGroup | int | `0` | |
| podSecurityContext.runAsUser | int | `0` | |
| securityContext.readOnlyRootFilesystem | bool | `false` | |
| securityContext.runAsNonRoot | bool | `false` | |
| service.main.ports.main.port | int | `10140` | |
| service.main.ports.main.targetPort | int | `8000` | |

View File

@ -21,6 +21,7 @@ hide:
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-paperless-ng&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV013 | Image tag &#39;:latest&#39; used | LOW | <details><summary>Expand...</summary> It is best to avoid using the &#39;:latest&#39; image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should specify an image tag </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/configuration/overview/#container-images">https://kubernetes.io/docs/concepts/configuration/overview/#container-images</a><br><a href="https://avd.aquasec.com/appshield/ksv013">https://avd.aquasec.com/appshield/ksv013</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;RELEASE-NAME-paperless-ng&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | <details><summary>Expand...</summary> A program inside the container can bypass Seccomp protection policies. <br> <hr> <br> Container &#39;RELEASE-NAME-paperless-ng&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should specify a seccomp profile </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/">https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/</a><br><a href="https://avd.aquasec.com/appshield/ksv019">https://avd.aquasec.com/appshield/ksv019</a><br></details> |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | <details><summary>Expand...</summary> A program inside the container can bypass Seccomp protection policies. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should specify a seccomp profile </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/">https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/</a><br><a href="https://avd.aquasec.com/appshield/ksv019">https://avd.aquasec.com/appshield/ksv019</a><br></details> |
@ -481,6 +482,6 @@ hide:
| Django | CVE-2021-44420 | HIGH | 3.2.6 | 3.2.10, 3.1.14, 2.2.25 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44420">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44420</a><br><a href="https://docs.djangoproject.com/en/3.2/releases/security/">https://docs.djangoproject.com/en/3.2/releases/security/</a><br><a href="https://github.com/advisories/GHSA-v6rh-hp5x-86rv">https://github.com/advisories/GHSA-v6rh-hp5x-86rv</a><br><a href="https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6">https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6</a><br><a href="https://groups.google.com/forum/#!forum/django-announce">https://groups.google.com/forum/#!forum/django-announce</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-44420">https://nvd.nist.gov/vuln/detail/CVE-2021-44420</a><br><a href="https://ubuntu.com/security/notices/USN-5178-1">https://ubuntu.com/security/notices/USN-5178-1</a><br><a href="https://www.djangoproject.com/weblog/2021/dec/07/security-releases/">https://www.djangoproject.com/weblog/2021/dec/07/security-releases/</a><br><a href="https://www.openwall.com/lists/oss-security/2021/12/07/1">https://www.openwall.com/lists/oss-security/2021/12/07/1</a><br></details> |
| Pillow | CVE-2021-23437 | HIGH | 8.3.1 | 8.3.2 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437</a><br><a href="https://github.com/advisories/GHSA-98vv-pw6r-q6q4">https://github.com/advisories/GHSA-98vv-pw6r-q6q4</a><br><a href="https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b">https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23437">https://nvd.nist.gov/vuln/detail/CVE-2021-23437</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443">https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443</a><br></details> |
| Pillow | pyup.io-41277 | UNKNOWN | 8.3.1 | 8.3.2 | <details><summary>Expand...</summary></details> |
| lxml | CVE-2021-43818 | HIGH | 4.6.3 | 4.6.5 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-55x5-fj6c-h6m8">https://github.com/advisories/GHSA-55x5-fj6c-h6m8</a><br><a href="https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a">https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a</a><br><a href="https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776">https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776</a><br><a href="https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0">https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0</a><br><a href="https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8">https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43818">https://nvd.nist.gov/vuln/detail/CVE-2021-43818</a><br></details> |
| lxml | CVE-2021-43818 | HIGH | 4.6.3 | 4.6.5 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-55x5-fj6c-h6m8">https://github.com/advisories/GHSA-55x5-fj6c-h6m8</a><br><a href="https://github.com/lxml/lxml/blob/lxml-4.6.5/CHANGES.txt">https://github.com/lxml/lxml/blob/lxml-4.6.5/CHANGES.txt</a><br><a href="https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a">https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a</a><br><a href="https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776">https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776</a><br><a href="https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0">https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0</a><br><a href="https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8">https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43818">https://nvd.nist.gov/vuln/detail/CVE-2021-43818</a><br></details> |
| reportlab | CVE-2020-28463 | MEDIUM | 3.6.1 | | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1930417">https://bugzilla.redhat.com/show_bug.cgi?id=1930417</a><br><a href="https://github.com/advisories/GHSA-mpvw-25mg-59vx">https://github.com/advisories/GHSA-mpvw-25mg-59vx</a><br><a href="https://hg.reportlab.com/hg-public/reportlab/file/f094d273903a/CHANGES.md#l71">https://hg.reportlab.com/hg-public/reportlab/file/f094d273903a/CHANGES.md#l71</a><br><a href="https://hg.reportlab.com/hg-public/reportlab/rev/7f2231703dc7">https://hg.reportlab.com/hg-public/reportlab/rev/7f2231703dc7</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-28463">https://nvd.nist.gov/vuln/detail/CVE-2020-28463</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145">https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145</a><br><a href="https://www.reportlab.com/docs/reportlab-userguide.pdf">https://www.reportlab.com/docs/reportlab-userguide.pdf</a><br></details> |
| sqlparse | CVE-2021-32839 | HIGH | 0.4.1 | 0.4.2 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32839">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32839</a><br><a href="https://github.com/advisories/GHSA-p5w8-wqhj-9hhf">https://github.com/advisories/GHSA-p5w8-wqhj-9hhf</a><br><a href="https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb">https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb</a><br><a href="https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf">https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-32839">https://nvd.nist.gov/vuln/detail/CVE-2021-32839</a><br><a href="https://securitylab.github.com/advisories/GHSL-2021-107-andialbrecht-sqlparse/">https://securitylab.github.com/advisories/GHSL-2021-107-andialbrecht-sqlparse/</a><br><a href="https://ubuntu.com/security/notices/USN-5085-1">https://ubuntu.com/security/notices/USN-5085-1</a><br></details> |

View File

@ -1,6 +1,20 @@
# Changelog<br>
<a name="tdarr-node-1.0.26"></a>
### [tdarr-node-1.0.26](https://github.com/truecharts/apps/compare/tdarr-node-1.0.25...tdarr-node-1.0.26) (2021-12-17)
#### Chore
* App-Icon Organization ([#1539](https://github.com/truecharts/apps/issues/1539))
* update docker general non-major
#### Fix
* app needs r/w access to rootfs ([#1549](https://github.com/truecharts/apps/issues/1549))
<a name="tdarr-node-1.0.25"></a>
### [tdarr-node-1.0.25](https://github.com/truecharts/apps/compare/tdarr-node-1.0.24...tdarr-node-1.0.25) (2021-12-14)

View File

@ -19,7 +19,7 @@ You will, however, be able to use all values referenced in the common chart here
| env.serverPort | int | `8266` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/tdarr_node"` | |
| image.tag | string | `"v2.00.12@sha256:79b1211a1eefc564724935d532b6b90904d67efc9d8a238873e7156aa70f2f4a"` | |
| image.tag | string | `"v2.00.12@sha256:aaacfe9159377a03013ef112e175586a5c2b64eadd2d51412bd73ac6469a1a81"` | |
| persistence.configs.enabled | bool | `true` | |
| persistence.configs.mountPath | string | `"/app/configs"` | |
| persistence.logs.enabled | bool | `true` | |

File diff suppressed because one or more lines are too long

View File

@ -1,6 +1,20 @@
# Changelog<br>
<a name="tdarr-1.0.26"></a>
### [tdarr-1.0.26](https://github.com/truecharts/apps/compare/tdarr-1.0.25...tdarr-1.0.26) (2021-12-17)
#### Chore
* App-Icon Organization ([#1539](https://github.com/truecharts/apps/issues/1539))
* update docker general non-major
#### Fix
* app needs r/w access to rootfs ([#1549](https://github.com/truecharts/apps/issues/1549))
<a name="tdarr-1.0.25"></a>
### [tdarr-1.0.25](https://github.com/truecharts/apps/compare/tdarr-1.0.24...tdarr-1.0.25) (2021-12-14)

View File

@ -17,7 +17,7 @@ You will, however, be able to use all values referenced in the common chart here
| env.webUIPort | int | `8265` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"tccr.io/truecharts/tdarr"` | |
| image.tag | string | `"v2.00.12@sha256:5c3f4b038b5a59614ab1dca605894e85fe809f9fc08ffb478ab8bcc1a8cdf057"` | |
| image.tag | string | `"v2.00.12@sha256:bcab55c22183072ae0acdac9b3348cb28daaa77dade55c51f4ee879801895760"` | |
| persistence.configs.enabled | bool | `true` | |
| persistence.configs.mountPath | string | `"/app/configs"` | |
| persistence.logs.enabled | bool | `true` | |

File diff suppressed because one or more lines are too long

View File

@ -1,6 +1,19 @@
# Changelog<br>
<a name="paperless-ng-0.0.4"></a>
### [paperless-ng-0.0.4](https://github.com/truecharts/apps/compare/paperless-ng-0.0.3...paperless-ng-0.0.4) (2021-12-17)
#### Chore
* App-Icon Organization ([#1539](https://github.com/truecharts/apps/issues/1539))
#### Fix
* app needs r/w access to rootfs ([#1549](https://github.com/truecharts/apps/issues/1549))
<a name="paperless-ng-0.0.3"></a>
### [paperless-ng-0.0.3](https://github.com/truecharts/apps/compare/paperless-ng-0.0.2...paperless-ng-0.0.3) (2021-12-14)

View File

@ -17,9 +17,12 @@ You will, however, be able to use all values referenced in the common chart here
| image.tag | string | `"v1.5.0"` | |
| persistence.config.enabled | bool | `true` | |
| persistence.config.mountPath | string | `"/config"` | |
| persistence.data.enabled | bool | `true` | |
| persistence.data.mountPath | string | `"/data"` | |
| persistence.varrun.enabled | bool | `true` | |
| podSecurityContext.runAsGroup | int | `0` | |
| podSecurityContext.runAsUser | int | `0` | |
| securityContext.readOnlyRootFilesystem | bool | `false` | |
| securityContext.runAsNonRoot | bool | `false` | |
| service.main.ports.main.port | int | `10140` | |
| service.main.ports.main.targetPort | int | `8000` | |

View File

@ -21,6 +21,7 @@ hide:
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;RELEASE-NAME-paperless-ng&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | <details><summary>Expand...</summary> &#39;runAsNonRoot&#39; forces the running image to run as a non-root user to ensure least privileges. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should set &#39;securityContext.runAsNonRoot&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted">https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted</a><br><a href="https://avd.aquasec.com/appshield/ksv012">https://avd.aquasec.com/appshield/ksv012</a><br></details> |
| Kubernetes Security Check | KSV013 | Image tag &#39;:latest&#39; used | LOW | <details><summary>Expand...</summary> It is best to avoid using the &#39;:latest&#39; image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should specify an image tag </details>| <details><summary>Expand...</summary><a href="https://kubernetes.io/docs/concepts/configuration/overview/#container-images">https://kubernetes.io/docs/concepts/configuration/overview/#container-images</a><br><a href="https://avd.aquasec.com/appshield/ksv013">https://avd.aquasec.com/appshield/ksv013</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;RELEASE-NAME-paperless-ng&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | <details><summary>Expand...</summary> An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should set &#39;securityContext.readOnlyRootFilesystem&#39; to true </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/">https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/</a><br><a href="https://avd.aquasec.com/appshield/ksv014">https://avd.aquasec.com/appshield/ksv014</a><br></details> |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | <details><summary>Expand...</summary> A program inside the container can bypass Seccomp protection policies. <br> <hr> <br> Container &#39;RELEASE-NAME-paperless-ng&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should specify a seccomp profile </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/">https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/</a><br><a href="https://avd.aquasec.com/appshield/ksv019">https://avd.aquasec.com/appshield/ksv019</a><br></details> |
| Kubernetes Security Check | KSV019 | Seccomp policies disabled | MEDIUM | <details><summary>Expand...</summary> A program inside the container can bypass Seccomp protection policies. <br> <hr> <br> Container &#39;autopermissions&#39; of Deployment &#39;RELEASE-NAME-paperless-ng&#39; should specify a seccomp profile </details>| <details><summary>Expand...</summary><a href="https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/">https://kubesec.io/basics/metadata-annotations-container-seccomp-security-alpha-kubernetes-io-pod/</a><br><a href="https://avd.aquasec.com/appshield/ksv019">https://avd.aquasec.com/appshield/ksv019</a><br></details> |
@ -481,6 +482,6 @@ hide:
| Django | CVE-2021-44420 | HIGH | 3.2.6 | 3.2.10, 3.1.14, 2.2.25 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44420">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44420</a><br><a href="https://docs.djangoproject.com/en/3.2/releases/security/">https://docs.djangoproject.com/en/3.2/releases/security/</a><br><a href="https://github.com/advisories/GHSA-v6rh-hp5x-86rv">https://github.com/advisories/GHSA-v6rh-hp5x-86rv</a><br><a href="https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6">https://github.com/django/django/commit/d4dcd5b9dd9e462fec8220e33e3e6c822b7e88a6</a><br><a href="https://groups.google.com/forum/#!forum/django-announce">https://groups.google.com/forum/#!forum/django-announce</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-44420">https://nvd.nist.gov/vuln/detail/CVE-2021-44420</a><br><a href="https://ubuntu.com/security/notices/USN-5178-1">https://ubuntu.com/security/notices/USN-5178-1</a><br><a href="https://www.djangoproject.com/weblog/2021/dec/07/security-releases/">https://www.djangoproject.com/weblog/2021/dec/07/security-releases/</a><br><a href="https://www.openwall.com/lists/oss-security/2021/12/07/1">https://www.openwall.com/lists/oss-security/2021/12/07/1</a><br></details> |
| Pillow | CVE-2021-23437 | HIGH | 8.3.1 | 8.3.2 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23437</a><br><a href="https://github.com/advisories/GHSA-98vv-pw6r-q6q4">https://github.com/advisories/GHSA-98vv-pw6r-q6q4</a><br><a href="https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b">https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RNSG6VFXTAROGF7ACYLMAZNQV4EJ6I2C/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VKRCL7KKAKOXCVD7M6WC5OKFGL4L3SJT/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-23437">https://nvd.nist.gov/vuln/detail/CVE-2021-23437</a><br><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443">https://snyk.io/vuln/SNYK-PYTHON-PILLOW-1319443</a><br></details> |
| Pillow | pyup.io-41277 | UNKNOWN | 8.3.1 | 8.3.2 | <details><summary>Expand...</summary></details> |
| lxml | CVE-2021-43818 | HIGH | 4.6.3 | 4.6.5 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-55x5-fj6c-h6m8">https://github.com/advisories/GHSA-55x5-fj6c-h6m8</a><br><a href="https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a">https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a</a><br><a href="https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776">https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776</a><br><a href="https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0">https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0</a><br><a href="https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8">https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43818">https://nvd.nist.gov/vuln/detail/CVE-2021-43818</a><br></details> |
| lxml | CVE-2021-43818 | HIGH | 4.6.3 | 4.6.5 | <details><summary>Expand...</summary><a href="https://github.com/advisories/GHSA-55x5-fj6c-h6m8">https://github.com/advisories/GHSA-55x5-fj6c-h6m8</a><br><a href="https://github.com/lxml/lxml/blob/lxml-4.6.5/CHANGES.txt">https://github.com/lxml/lxml/blob/lxml-4.6.5/CHANGES.txt</a><br><a href="https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a">https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a</a><br><a href="https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776">https://github.com/lxml/lxml/commit/a3eacbc0dcf1de1c822ec29fb7d090a4b1712a9c#diff-59130575b4fb2932c957db2922977d7d89afb0b2085357db1a14615a2fcad776</a><br><a href="https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0">https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0</a><br><a href="https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8">https://github.com/lxml/lxml/security/advisories/GHSA-55x5-fj6c-h6m8</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43818">https://nvd.nist.gov/vuln/detail/CVE-2021-43818</a><br></details> |
| reportlab | CVE-2020-28463 | MEDIUM | 3.6.1 | | <details><summary>Expand...</summary><a href="https://bugzilla.redhat.com/show_bug.cgi?id=1930417">https://bugzilla.redhat.com/show_bug.cgi?id=1930417</a><br><a href="https://github.com/advisories/GHSA-mpvw-25mg-59vx">https://github.com/advisories/GHSA-mpvw-25mg-59vx</a><br><a href="https://hg.reportlab.com/hg-public/reportlab/file/f094d273903a/CHANGES.md#l71">https://hg.reportlab.com/hg-public/reportlab/file/f094d273903a/CHANGES.md#l71</a><br><a href="https://hg.reportlab.com/hg-public/reportlab/rev/7f2231703dc7">https://hg.reportlab.com/hg-public/reportlab/rev/7f2231703dc7</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HMUJA5GZTPQ5WRYUCCK2GEZM4W43N7HH/</a><br><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/">https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YZQSFCID67K6BTC655EQY6MNOF35QI44/</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-28463">https://nvd.nist.gov/vuln/detail/CVE-2020-28463</a><br><a href="https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145">https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145</a><br><a href="https://www.reportlab.com/docs/reportlab-userguide.pdf">https://www.reportlab.com/docs/reportlab-userguide.pdf</a><br></details> |
| sqlparse | CVE-2021-32839 | HIGH | 0.4.1 | 0.4.2 | <details><summary>Expand...</summary><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32839">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32839</a><br><a href="https://github.com/advisories/GHSA-p5w8-wqhj-9hhf">https://github.com/advisories/GHSA-p5w8-wqhj-9hhf</a><br><a href="https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb">https://github.com/andialbrecht/sqlparse/commit/8238a9e450ed1524e40cb3a8b0b3c00606903aeb</a><br><a href="https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf">https://github.com/andialbrecht/sqlparse/security/advisories/GHSA-p5w8-wqhj-9hhf</a><br><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-32839">https://nvd.nist.gov/vuln/detail/CVE-2021-32839</a><br><a href="https://securitylab.github.com/advisories/GHSL-2021-107-andialbrecht-sqlparse/">https://securitylab.github.com/advisories/GHSL-2021-107-andialbrecht-sqlparse/</a><br><a href="https://ubuntu.com/security/notices/USN-5085-1">https://ubuntu.com/security/notices/USN-5085-1</a><br></details> |

View File

@ -14768,6 +14768,37 @@ entries:
- https://github.com/truecharts/apps/releases/download/owncloud-ocis-4.0.21/owncloud-ocis-4.0.21.tgz
version: 4.0.21
paperless-ng:
- annotations:
truecharts.org/SCALE-support: "true"
truecharts.org/catagories: |
- incubator
truecharts.org/grade: U
apiVersion: v2
appVersion: 1.5.0
created: "2021-12-17T14:00:54.726564776Z"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.21
description: Paperless-ng is an application by Daniel Quinn and contributors that
indexes your scanned documents.
digest: f2a548b5865ecbacb09135ee490d37f3bc8fc6b12306887757ef2ffde113a411
home: https://github.com/truecharts/apps/tree/master/charts/stable/paperless-ng
icon: https://truecharts.org/_static/img/appicons/paperless-ng-icon.png
keywords:
- paperless-ng
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: paperless-ng
sources:
- https://hub.docker.com/r/linuxserver/paperless-ng
type: application
urls:
- https://github.com/truecharts/apps/releases/download/paperless-ng-0.0.4/paperless-ng-0.0.4.tgz
version: 0.0.4
- annotations:
truecharts.org/SCALE-support: "true"
truecharts.org/catagories: |
@ -20849,6 +20880,39 @@ entries:
- https://github.com/truecharts/apps/releases/download/tautulli-9.0.21/tautulli-9.0.21.tgz
version: 9.0.21
tdarr:
- annotations:
truecharts.org/SCALE-support: "true"
truecharts.org/catagories: |
- media
truecharts.org/grade: U
apiVersion: v2
appVersion: 2.00.12
created: "2021-12-17T14:00:54.923864255Z"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.21
description: Audio/Video library transcoding automation
digest: 03c061fc553f39f46bf3325ce1f56167b239b93afb1857aede5830ef384c7981
home: https://github.com/truecharts/apps/tree/master/charts/stable/tdarr
icon: https://truecharts.org/_static/img/appicons/tdarr-icon.png
keywords:
- encode
- media
- tdarr
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: tdarr
sources:
- https://github.com/HaveAGitGat/Tdarr
- https://hub.docker.com/r/haveagitgat/tdarr
type: application
urls:
- https://github.com/truecharts/apps/releases/download/tdarr-1.0.26/tdarr-1.0.26.tgz
version: 1.0.26
- annotations:
truecharts.org/SCALE-support: "true"
truecharts.org/catagories: |
@ -20949,6 +21013,39 @@ entries:
- https://github.com/truecharts/apps/releases/download/tdarr-1.0.23/tdarr-1.0.23.tgz
version: 1.0.23
tdarr-node:
- annotations:
truecharts.org/SCALE-support: "true"
truecharts.org/catagories: |
- media
truecharts.org/grade: U
apiVersion: v2
appVersion: 2.00.12
created: "2021-12-17T14:00:55.145122266Z"
dependencies:
- name: common
repository: https://truecharts.org
version: 8.9.21
description: Audio/Video library transcoding automation
digest: 47f87f8beaf4342b689ab47cfe818c21476e217eb2a962970264042c7e1daf42
home: https://github.com/truecharts/apps/tree/master/charts/stable/tdarr-node
icon: https://truecharts.org/_static/img/appicons/tdarr-node-icon.png
keywords:
- encode
- media
- tdarr
kubeVersion: '>=1.16.0-0'
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: tdarr-node
sources:
- https://github.com/HaveAGitGat/Tdarr
- https://hub.docker.com/r/haveagitgat/tdarr_node
type: application
urls:
- https://github.com/truecharts/apps/releases/download/tdarr-node-1.0.26/tdarr-node-1.0.26.tgz
version: 1.0.26
- annotations:
truecharts.org/SCALE-support: "true"
truecharts.org/catagories: |
@ -23504,4 +23601,4 @@ entries:
urls:
- https://github.com/truecharts/apps/releases/download/zwavejs2mqtt-9.0.24/zwavejs2mqtt-9.0.24.tgz
version: 9.0.24
generated: "2021-12-17T11:25:46.376310911Z"
generated: "2021-12-17T14:00:55.146772875Z"