diff --git a/stable/firefox/0.0.13/CHANGELOG.md b/stable/firefox/0.0.14/CHANGELOG.md
similarity index 89%
rename from stable/firefox/0.0.13/CHANGELOG.md
rename to stable/firefox/0.0.14/CHANGELOG.md
index ec7ed4e7fec..dde9bcad5ff 100644
--- a/stable/firefox/0.0.13/CHANGELOG.md
+++ b/stable/firefox/0.0.14/CHANGELOG.md
@@ -1,6 +1,15 @@
# Changelog
+
+### [firefox-0.0.14](https://github.com/truecharts/apps/compare/firefox-syncserver-5.0.23...firefox-0.0.14) (2022-01-20)
+
+#### Fix
+
+* disable rofs ([#1746](https://github.com/truecharts/apps/issues/1746))
+
+
+
### [firefox-0.0.13](https://github.com/truecharts/apps/compare/firefox-syncserver-5.0.22...firefox-0.0.13) (2022-01-18)
@@ -88,12 +97,3 @@
-### [firefox-0.0.4](https://github.com/truecharts/apps/compare/firefox-0.0.3...firefox-0.0.4) (2021-12-18)
-
-#### Chore
-
-* cleanup questions by removing hidden dicts ([#1558](https://github.com/truecharts/apps/issues/1558))
-* App-Icon Organization ([#1539](https://github.com/truecharts/apps/issues/1539))
-
-
-
diff --git a/stable/firefox/0.0.13/CONFIG.md b/stable/firefox/0.0.14/CONFIG.md
similarity index 100%
rename from stable/firefox/0.0.13/CONFIG.md
rename to stable/firefox/0.0.14/CONFIG.md
diff --git a/stable/firefox/0.0.13/Chart.lock b/stable/firefox/0.0.14/Chart.lock
similarity index 78%
rename from stable/firefox/0.0.13/Chart.lock
rename to stable/firefox/0.0.14/Chart.lock
index 435c76d24b0..233a914f05b 100644
--- a/stable/firefox/0.0.13/Chart.lock
+++ b/stable/firefox/0.0.14/Chart.lock
@@ -3,4 +3,4 @@ dependencies:
repository: https://truecharts.org
version: 8.13.1
digest: sha256:5d8b49b1fb2103e55ad00efd7d0bc401dd47a5946249994d7ba63e2ce3aeb0b8
-generated: "2022-01-18T15:34:49.276647495Z"
+generated: "2022-01-20T16:12:58.83277584Z"
diff --git a/stable/firefox/0.0.13/Chart.yaml b/stable/firefox/0.0.14/Chart.yaml
similarity index 97%
rename from stable/firefox/0.0.13/Chart.yaml
rename to stable/firefox/0.0.14/Chart.yaml
index 4cb71d42e21..68592ef4d6e 100644
--- a/stable/firefox/0.0.13/Chart.yaml
+++ b/stable/firefox/0.0.14/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
kubeVersion: ">=1.16.0-0"
name: firefox
-version: 0.0.13
+version: 0.0.14
appVersion: "78.15.0"
description: Firefox Browser, also known as Mozilla Firefox or simply Firefox,
type: application
diff --git a/stable/firefox/0.0.13/README.md b/stable/firefox/0.0.14/README.md
similarity index 100%
rename from stable/firefox/0.0.13/README.md
rename to stable/firefox/0.0.14/README.md
diff --git a/stable/firefox/0.0.13/app-readme.md b/stable/firefox/0.0.14/app-readme.md
similarity index 100%
rename from stable/firefox/0.0.13/app-readme.md
rename to stable/firefox/0.0.14/app-readme.md
diff --git a/stable/firefox/0.0.13/charts/common-8.13.1.tgz b/stable/firefox/0.0.14/charts/common-8.13.1.tgz
similarity index 100%
rename from stable/firefox/0.0.13/charts/common-8.13.1.tgz
rename to stable/firefox/0.0.14/charts/common-8.13.1.tgz
diff --git a/stable/firefox/0.0.13/helm-values.md b/stable/firefox/0.0.14/helm-values.md
similarity index 95%
rename from stable/firefox/0.0.13/helm-values.md
rename to stable/firefox/0.0.14/helm-values.md
index 4f0a1f3b5e6..0f4974e173d 100644
--- a/stable/firefox/0.0.13/helm-values.md
+++ b/stable/firefox/0.0.14/helm-values.md
@@ -20,6 +20,7 @@ You will, however, be able to use all values referenced in the common chart here
| persistence.varrun.enabled | bool | `true` | |
| podSecurityContext.runAsGroup | int | `0` | |
| podSecurityContext.runAsUser | int | `0` | |
+| securityContext.readOnlyRootFilesystem | bool | `false` | |
| securityContext.runAsNonRoot | bool | `false` | |
| service.main.ports.main.port | int | `10131` | |
| service.main.ports.main.targetPort | int | `3000` | |
diff --git a/stable/firefox/0.0.13/ix_values.yaml b/stable/firefox/0.0.14/ix_values.yaml
similarity index 92%
rename from stable/firefox/0.0.13/ix_values.yaml
rename to stable/firefox/0.0.14/ix_values.yaml
index 9c890cb6b50..3a1eb78d4b0 100644
--- a/stable/firefox/0.0.13/ix_values.yaml
+++ b/stable/firefox/0.0.14/ix_values.yaml
@@ -5,6 +5,7 @@ image:
securityContext:
runAsNonRoot: false
+ readOnlyRootFilesystem: false
podSecurityContext:
runAsUser: 0
diff --git a/stable/firefox/0.0.13/questions.yaml b/stable/firefox/0.0.14/questions.yaml
similarity index 99%
rename from stable/firefox/0.0.13/questions.yaml
rename to stable/firefox/0.0.14/questions.yaml
index 9649824ba14..9be33df5826 100644
--- a/stable/firefox/0.0.13/questions.yaml
+++ b/stable/firefox/0.0.14/questions.yaml
@@ -1396,7 +1396,7 @@ questions:
label: "ReadOnly Root Filesystem"
schema:
type: boolean
- default: true
+ default: false
- variable: allowPrivilegeEscalation
label: "Allow Privilege Escalation"
schema:
diff --git a/stable/firefox/0.0.13/security.md b/stable/firefox/0.0.14/security.md
similarity index 98%
rename from stable/firefox/0.0.13/security.md
rename to stable/firefox/0.0.14/security.md
index 1160a75c7e7..7af7845384e 100644
--- a/stable/firefox/0.0.13/security.md
+++ b/stable/firefox/0.0.14/security.md
@@ -20,6 +20,7 @@ hide:
| Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW | Expand...
The container should drop all default capabilities and add only those that are needed for its execution.
Container 'RELEASE-NAME-firefox' of Deployment 'RELEASE-NAME-firefox' should add 'ALL' to 'securityContext.capabilities.drop' | Expand...
https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
|
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'RELEASE-NAME-firefox' of Deployment 'RELEASE-NAME-firefox' should set 'securityContext.runAsNonRoot' to true | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
|
| Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM | Expand...
'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.
Container 'autopermissions' of Deployment 'RELEASE-NAME-firefox' should set 'securityContext.runAsNonRoot' to true | Expand...
https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
|
+| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'RELEASE-NAME-firefox' of Deployment 'RELEASE-NAME-firefox' should set 'securityContext.readOnlyRootFilesystem' to true | Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
|
| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW | Expand...
An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.
Container 'autopermissions' of Deployment 'RELEASE-NAME-firefox' should set 'securityContext.readOnlyRootFilesystem' to true | Expand...
https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
|
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | Expand...
Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.
Container 'RELEASE-NAME-firefox' of Deployment 'RELEASE-NAME-firefox' should set 'securityContext.runAsUser' > 10000 | Expand...
https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
|
| Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM | Expand...
Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.
Container 'autopermissions' of Deployment 'RELEASE-NAME-firefox' should set 'securityContext.runAsUser' > 10000 | Expand...
https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
|
diff --git a/stable/firefox/0.0.13/templates/common.yaml b/stable/firefox/0.0.14/templates/common.yaml
similarity index 100%
rename from stable/firefox/0.0.13/templates/common.yaml
rename to stable/firefox/0.0.14/templates/common.yaml
diff --git a/stable/firefox/0.0.13/values.yaml b/stable/firefox/0.0.14/values.yaml
similarity index 100%
rename from stable/firefox/0.0.13/values.yaml
rename to stable/firefox/0.0.14/values.yaml