diff --git a/stable/firefox/0.0.13/CHANGELOG.md b/stable/firefox/0.0.14/CHANGELOG.md similarity index 89% rename from stable/firefox/0.0.13/CHANGELOG.md rename to stable/firefox/0.0.14/CHANGELOG.md index ec7ed4e7fec..dde9bcad5ff 100644 --- a/stable/firefox/0.0.13/CHANGELOG.md +++ b/stable/firefox/0.0.14/CHANGELOG.md @@ -1,6 +1,15 @@ # Changelog
+ +### [firefox-0.0.14](https://github.com/truecharts/apps/compare/firefox-syncserver-5.0.23...firefox-0.0.14) (2022-01-20) + +#### Fix + +* disable rofs ([#1746](https://github.com/truecharts/apps/issues/1746)) + + + ### [firefox-0.0.13](https://github.com/truecharts/apps/compare/firefox-syncserver-5.0.22...firefox-0.0.13) (2022-01-18) @@ -88,12 +97,3 @@ -### [firefox-0.0.4](https://github.com/truecharts/apps/compare/firefox-0.0.3...firefox-0.0.4) (2021-12-18) - -#### Chore - -* cleanup questions by removing hidden dicts ([#1558](https://github.com/truecharts/apps/issues/1558)) -* App-Icon Organization ([#1539](https://github.com/truecharts/apps/issues/1539)) - - - diff --git a/stable/firefox/0.0.13/CONFIG.md b/stable/firefox/0.0.14/CONFIG.md similarity index 100% rename from stable/firefox/0.0.13/CONFIG.md rename to stable/firefox/0.0.14/CONFIG.md diff --git a/stable/firefox/0.0.13/Chart.lock b/stable/firefox/0.0.14/Chart.lock similarity index 78% rename from stable/firefox/0.0.13/Chart.lock rename to stable/firefox/0.0.14/Chart.lock index 435c76d24b0..233a914f05b 100644 --- a/stable/firefox/0.0.13/Chart.lock +++ b/stable/firefox/0.0.14/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: https://truecharts.org version: 8.13.1 digest: sha256:5d8b49b1fb2103e55ad00efd7d0bc401dd47a5946249994d7ba63e2ce3aeb0b8 -generated: "2022-01-18T15:34:49.276647495Z" +generated: "2022-01-20T16:12:58.83277584Z" diff --git a/stable/firefox/0.0.13/Chart.yaml b/stable/firefox/0.0.14/Chart.yaml similarity index 97% rename from stable/firefox/0.0.13/Chart.yaml rename to stable/firefox/0.0.14/Chart.yaml index 4cb71d42e21..68592ef4d6e 100644 --- a/stable/firefox/0.0.13/Chart.yaml +++ b/stable/firefox/0.0.14/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 kubeVersion: ">=1.16.0-0" name: firefox -version: 0.0.13 +version: 0.0.14 appVersion: "78.15.0" description: Firefox Browser, also known as Mozilla Firefox or simply Firefox, type: application diff --git a/stable/firefox/0.0.13/README.md b/stable/firefox/0.0.14/README.md similarity index 100% rename from stable/firefox/0.0.13/README.md rename to stable/firefox/0.0.14/README.md diff --git a/stable/firefox/0.0.13/app-readme.md b/stable/firefox/0.0.14/app-readme.md similarity index 100% rename from stable/firefox/0.0.13/app-readme.md rename to stable/firefox/0.0.14/app-readme.md diff --git a/stable/firefox/0.0.13/charts/common-8.13.1.tgz b/stable/firefox/0.0.14/charts/common-8.13.1.tgz similarity index 100% rename from stable/firefox/0.0.13/charts/common-8.13.1.tgz rename to stable/firefox/0.0.14/charts/common-8.13.1.tgz diff --git a/stable/firefox/0.0.13/helm-values.md b/stable/firefox/0.0.14/helm-values.md similarity index 95% rename from stable/firefox/0.0.13/helm-values.md rename to stable/firefox/0.0.14/helm-values.md index 4f0a1f3b5e6..0f4974e173d 100644 --- a/stable/firefox/0.0.13/helm-values.md +++ b/stable/firefox/0.0.14/helm-values.md @@ -20,6 +20,7 @@ You will, however, be able to use all values referenced in the common chart here | persistence.varrun.enabled | bool | `true` | | | podSecurityContext.runAsGroup | int | `0` | | | podSecurityContext.runAsUser | int | `0` | | +| securityContext.readOnlyRootFilesystem | bool | `false` | | | securityContext.runAsNonRoot | bool | `false` | | | service.main.ports.main.port | int | `10131` | | | service.main.ports.main.targetPort | int | `3000` | | diff --git a/stable/firefox/0.0.13/ix_values.yaml b/stable/firefox/0.0.14/ix_values.yaml similarity index 92% rename from stable/firefox/0.0.13/ix_values.yaml rename to stable/firefox/0.0.14/ix_values.yaml index 9c890cb6b50..3a1eb78d4b0 100644 --- a/stable/firefox/0.0.13/ix_values.yaml +++ b/stable/firefox/0.0.14/ix_values.yaml @@ -5,6 +5,7 @@ image: securityContext: runAsNonRoot: false + readOnlyRootFilesystem: false podSecurityContext: runAsUser: 0 diff --git a/stable/firefox/0.0.13/questions.yaml b/stable/firefox/0.0.14/questions.yaml similarity index 99% rename from stable/firefox/0.0.13/questions.yaml rename to stable/firefox/0.0.14/questions.yaml index 9649824ba14..9be33df5826 100644 --- a/stable/firefox/0.0.13/questions.yaml +++ b/stable/firefox/0.0.14/questions.yaml @@ -1396,7 +1396,7 @@ questions: label: "ReadOnly Root Filesystem" schema: type: boolean - default: true + default: false - variable: allowPrivilegeEscalation label: "Allow Privilege Escalation" schema: diff --git a/stable/firefox/0.0.13/security.md b/stable/firefox/0.0.14/security.md similarity index 98% rename from stable/firefox/0.0.13/security.md rename to stable/firefox/0.0.14/security.md index 1160a75c7e7..7af7845384e 100644 --- a/stable/firefox/0.0.13/security.md +++ b/stable/firefox/0.0.14/security.md @@ -20,6 +20,7 @@ hide: | Kubernetes Security Check | KSV003 | Default capabilities not dropped | LOW |
Expand... The container should drop all default capabilities and add only those that are needed for its execution.


Container 'RELEASE-NAME-firefox' of Deployment 'RELEASE-NAME-firefox' should add 'ALL' to 'securityContext.capabilities.drop'
|
Expand...https://kubesec.io/basics/containers-securitycontext-capabilities-drop-index-all/
https://avd.aquasec.com/appshield/ksv003
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'RELEASE-NAME-firefox' of Deployment 'RELEASE-NAME-firefox' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| | Kubernetes Security Check | KSV012 | Runs as root user | MEDIUM |
Expand... 'runAsNonRoot' forces the running image to run as a non-root user to ensure least privileges.


Container 'autopermissions' of Deployment 'RELEASE-NAME-firefox' should set 'securityContext.runAsNonRoot' to true
|
Expand...https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
https://avd.aquasec.com/appshield/ksv012
| +| Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'RELEASE-NAME-firefox' of Deployment 'RELEASE-NAME-firefox' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV014 | Root file system is not read-only | LOW |
Expand... An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.


Container 'autopermissions' of Deployment 'RELEASE-NAME-firefox' should set 'securityContext.readOnlyRootFilesystem' to true
|
Expand...https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/
https://avd.aquasec.com/appshield/ksv014
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'RELEASE-NAME-firefox' of Deployment 'RELEASE-NAME-firefox' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| | Kubernetes Security Check | KSV020 | Runs with low user ID | MEDIUM |
Expand... Force the container to run with user ID > 10000 to avoid conflicts with the host’s user table.


Container 'autopermissions' of Deployment 'RELEASE-NAME-firefox' should set 'securityContext.runAsUser' > 10000
|
Expand...https://kubesec.io/basics/containers-securitycontext-runasuser/
https://avd.aquasec.com/appshield/ksv020
| diff --git a/stable/firefox/0.0.13/templates/common.yaml b/stable/firefox/0.0.14/templates/common.yaml similarity index 100% rename from stable/firefox/0.0.13/templates/common.yaml rename to stable/firefox/0.0.14/templates/common.yaml diff --git a/stable/firefox/0.0.13/values.yaml b/stable/firefox/0.0.14/values.yaml similarity index 100% rename from stable/firefox/0.0.13/values.yaml rename to stable/firefox/0.0.14/values.yaml