Protei/PromucFlow_constructor
2
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity
e742df0bfa
PromucFlow_constructor/scripts
History
subratadeypappu 20da6c6aef
fix: CVE-2024-38821 (#41221) 
## Description
**Before:**
The appsmith-ce release image contains CVE-2024-38821 critical
vulnerability.
<img width="1258" height="876" alt="Screenshot 2025-09-12 at 1 41 00 PM"
src="https://github.com/user-attachments/assets/6e5292c7-d073-4241-970d-511ab0533547"
/>


[cves_report_ce.json](https://github.com/user-attachments/files/22292789/cves_report_ce.json)



**After:**
The current DP image doesn't contain CVE-2024-38821 after removing pg
build from server.

<img width="1248" height="906" alt="Screenshot 2025-09-12 at 1 40 36 PM"
src="https://github.com/user-attachments/assets/d7d2c812-d6e5-4994-9c08-923e0302b415"
/>


[cves_41221.txt](https://github.com/user-attachments/files/22292798/cves_41221.txt)


Fixes CVE-2024-38821

## Automation

/ok-to-test tags="@tag.Sanity"

### 🔍 Cypress test results
<!-- This is an auto-generated comment: Cypress test results  -->
> [!TIP]
> 🟢 🟢 🟢 All cypress tests have passed! 🎉 🎉 🎉
> Workflow run:
<https://github.com/appsmithorg/appsmith/actions/runs/17725447283>
> Commit: 959d97e926357bfcd1e0aec32a9127be5b8df403
> <a
href="https://internal.appsmith.com/app/cypress-dashboard/rundetails-65890b3c81d7400d08fa9ee5?branch=master&workflowId=17725447283&attempt=2"
target="_blank">Cypress dashboard</a>.
> Tags: `@tag.Sanity`
> Spec:
> <hr>Mon, 15 Sep 2025 08:39:53 UTC
<!-- end of auto-generated comment: Cypress test results  -->


## Communication
Should the DevRel and Marketing teams inform users about this change?
- [ ] Yes
- [x] No


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Chores**
* Removed PostgreSQL support from build artifacts; only the MongoDB
edition is produced going forward.
* Updated Docker validation to require only the MongoDB server jar;
error message reflects this change.
* Simplified artifact preparation by removing PostgreSQL image
extraction and related steps.
* Maintains existing exit-on-failure behavior; successful MongoDB paths
are unchanged.
  * No changes to runtime behavior for MongoDB users.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2025-09-15 17:14:16 +06:00
..
build_dp_from_branch.sh ci: Use default CS URL for DPs (#25938) 2023-08-16 17:29:10 +05:30
cleanup_dp.sh chore: update cleanup dp to delete merged PRs (#41045) 2025-06-26 11:04:15 +05:30
deploy_preview.sh refactor: enhance deploy_preview.sh for idempotent Helm repo addition… (#41043) 2025-06-25 19:22:07 +05:30
generate_info_json.sh ci: Include build information in Docker image labels (#39047) 2025-02-06 11:22:19 +05:30
health_check.sh ci: docDB int test wait for appsmith health before cypress (#26655) 2023-08-25 15:27:48 +05:30
local_testing.sh fix: Add password based auth for postgres (#37068) 2024-12-06 10:49:27 +05:30
prepare_server_artifacts.sh fix: CVE-2024-38821 (#41221) 2025-09-15 17:14:16 +06:00
regen-baseline.sh chore: Add mover script for Mongo to postgres migration (#36458) 2024-09-25 15:22:02 +05:30
scout_vulnerabilities_data.sh chore: Adding step for install (#37276) 2024-11-07 15:39:33 +05:30
trivy_vulnerabilities_data.sh CI: Update Trivy DB (#38397) 2024-12-30 12:54:27 +05:30