Policy merge requests
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests
Updated: 2024-03-27T14:25:20Z

Updated default policies to treat 'users.data.root' as super user
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/481
Updated: 2024-03-27T14:25:20Z
Author: Dadong Zhou
Milestone: M23 - Release 0.26

Updated the default DataAuthz and Search policies to treat 'users.data.root' as super user.
Please see the requirements in https://community.opengroup.org/osdu/platform/system/storage/-/issues/220.

minor documentation updates
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/480
Updated: 2024-03-07T15:22:16Z
Author: Shane Hutchins
Milestone: M23 - Release 0.26
Assignees: Shane Hutchins

- release notes
- updates links

Documentation update and notice update
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/479
Updated: 2024-03-07T14:26:58Z
Author: Shane Hutchins
Milestone: M23 - Release 0.26
Assignees: Shane Hutchins

- Notice update
- Documentation update - OPA recommended versions update, release notes

Update OPA for CVE-2024-24783 for AWS
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/478
Updated: 2024-03-06T17:29:45Z
Author: Shane Hutchins
Milestone: M23 - Release 0.26
Assignees: Shane Hutchins

Upgrading OPA to 0.62.1 CVE-2024-24783 (https://pkg.go.dev/vuln/GO-2024-2598).
- See https://github.com/open-policy-agent/opa/releases/tag/v0.62.1
- If you’re not doing TLS / arbitrary http.send, it might not apply to you too
- Additionally CVE-2023-6246, CVE-2023-6779 may also be involved.

[GONRG-9211] Added labels to gc helm
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/476
Updated: 2024-03-19T17:09:22Z
Author: Danylo Vanin (EPAM)
Milestone: M23 - Release 0.26
Assignees: Danylo Vanin (EPAM)

Added labels to GC deployment

change docker base image
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/475
Updated: 2024-03-07T14:28:07Z
Author: Isha Kumari
Milestone: M23 - Release 0.26
Assignees: Isha Kumari

change docker base image

update aws image
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/474
Updated: 2024-03-19T17:09:24Z
Author: Rucha Deshpande
Milestone: M23 - Release 0.26
Assignees: Rucha Deshpande

Update AWS OPA docker image

doc update
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/473
Updated: 2024-02-13T18:38:41Z
Author: Shane Hutchins
Milestone: M23 - Release 0.26
Assignees: Shane Hutchins

Minor doc update

SHA-1 to SHA-256 update
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/472
Updated: 2024-02-13T14:11:08Z
Author: Shane Hutchins
Milestone: M23 - Release 0.26
Assignees: Shane Hutchins

While this is not a direct security or vulnerability concern, we are upgrading SHA-1 to SHA-256 to address any potential security concerns if there are upstream/downstream uses of this SHA.
Issues:
- https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/124
- https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/125
- Documentation and Notice update as well.

Cherry-pick 'Don't check legal tag status when making an update request' into...
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/469
Updated: 2024-01-30T09:56:32Z
Author: Chad Leong
Milestone: M22 - Release 0.25
Assignees: David Diederich (d.diederich@opengroup.org), Chad Leong, Srinivasan Narayanan

**Original MR**: !468
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/pipelines/new?ref=cherry-pick-for-468)

Don't check legal tag status when making an update request
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/468
Updated: 2024-01-30T09:56:21Z
Author: Shane Hutchins
Milestone: M22 - Release 0.25
Assignees: Shane Hutchins

To make https://community.opengroup.org/osdu/platform/system/storage/-/issues/174 compatible with policies let's not check legal tag status when making an update request.
https://community.opengroup.org/osdu/platform/pre-shipping/-/issues/678

API version change
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/467
Updated: 2024-02-05T16:09:31Z
Author: Shane Hutchins
Milestone: M23 - Release 0.26
Assignees: Shane Hutchins

- Change API version to 1.0.0 for https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/126
- Notice Update

Gonrg 9103 decline the data partition id variable as a system partition
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/466
Updated: 2024-01-22T18:20:28Z
Author: Siarhei Poliak [EPAM / GCP]
Milestone: M23 - Release 0.26

Gonrg 9088 single partition string
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/465
Updated: 2024-02-01T14:41:17Z
Author: Siarhei Poliak [EPAM / GCP]
Milestone: M23 - Release 0.26

Merge branch 'fix-gc-bootstrap' into 'master'
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/464
Updated: 2024-01-12T11:19:02Z
Author: Aliaksandr Ramanovich (EPAM)
Milestone: M22 - Release 0.25
Assignees: Aliaksandr Ramanovich (EPAM)

GC changes only
hotfix to avoid image build errors
See merge request osdu/platform/security-and-compliance/policy!463
(cherry picked from commit d4abf3576ff230acedba27e6f2069f16ec518d38)
e2e7e889 hotfix to avoid image build errors

hotfix to avoid image build errors
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/463
Updated: 2024-01-11T18:13:02Z
Author: Aliaksandr Ramanovich (EPAM)
Milestone: M22 - Release 0.25
Assignees: Aliaksandr Ramanovich (EPAM)

hotfix to avoid errors during image building related to Externally Managed Environments

Audit Logging Feature and FastAPI upgrade
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/462
Updated: 2024-02-13T18:34:00Z
Author: Shane Hutchins
Milestone: M23 - Release 0.26
Assignees: Shane Hutchins

- Add an external audit log https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/113
- Upgrade FastAPI to 0.109.2 and associated dependencies for security issues (CVE-2024-24762)
- Updated documentation
- Integration test update
- Updated log and error messages
- Notice update
- Secrets ignore added (trufflehog)

Merge branch 'aws-fix-containerize' into 'master'
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/461
Updated: 2023-12-11T16:18:22Z
Author: Derek Hudson
Milestone: M22 - Release 0.25
Assignees: Derek Hudson

Fix containerize on GitLab.
See merge request osdu/platform/security-and-compliance/policy!460
(cherry picked from commit be618388a1cf5bda01640701ff6aa8a6e1a0470f)
3302172b Fix containerize on GitLab.
788c8888 Now testing a Python virtual environment.
3c29b97f Made the image frozen.
7e4f0f9d Updating NOTICE

Fix containerize on GitLab.
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/460
Updated: 2023-12-11T15:40:24Z
Author: Derek Hudson
Milestone: M22 - Release 0.25
Assignees: Derek Hudson

Fixes the AWS containerize on GitLab

Update FOSSA NOTICE
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/459
Updated: 2023-12-08T21:38:46Z
Author: David Diederich (d.diederich@opengroup.org)
Milestone: M22 - Release 0.25

This MR updates the attribution file for the project (also known as the `NOTICE` file).
It is important to keep this up to date to satisfy legal requirements of dependency licenses.
We use FOSSA as the tool to scan for and detect these changes.