From f6224ef7a2bc7f49f11c4d24513fb9b25d763066 Mon Sep 17 00:00:00 2001 From: Davide Silvestri <75379892+silvestrid@users.noreply.github.com> Date: Fri, 27 Feb 2026 12:34:16 +0100 Subject: [PATCH 1/2] fix: install tzdata-legacy for timezones removed after the upgrade to trixie (#4890) --- ...talegacy_in_allinone_image_for_timezones_removed.json | 9 +++++++++ deploy/all-in-one/Dockerfile | 1 + 2 files changed, 10 insertions(+) create mode 100644 changelog/entries/unreleased/bug/install_tzdatalegacy_in_allinone_image_for_timezones_removed.json diff --git a/changelog/entries/unreleased/bug/install_tzdatalegacy_in_allinone_image_for_timezones_removed.json b/changelog/entries/unreleased/bug/install_tzdatalegacy_in_allinone_image_for_timezones_removed.json new file mode 100644 index 0000000000..7f89eeaa4d --- /dev/null +++ b/changelog/entries/unreleased/bug/install_tzdatalegacy_in_allinone_image_for_timezones_removed.json @@ -0,0 +1,9 @@ +{ + "type": "bug", + "message": "Install tzdata-legacy in all-in-one image for timezones removed after the upgrade to trixie.", + "issue_origin": "github", + "issue_number": null, + "domain": "core", + "bullet_points": [], + "created_at": "2026-02-27" +} \ No newline at end of file diff --git a/deploy/all-in-one/Dockerfile b/deploy/all-in-one/Dockerfile index 3f35a6580d..c354be8840 100644 --- a/deploy/all-in-one/Dockerfile +++ b/deploy/all-in-one/Dockerfile @@ -43,6 +43,7 @@ RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ xmlsec1 \ gettext \ tini \ + tzdata-legacy \ && \ # Setup user and group with fixed UID/GID for volume permission consistency getent group "$GID" || groupadd --system --gid "$GID" "${DOCKER_USER}" && \ From b946231aa3daf8ce9d5180f86735becbf2c703eb Mon Sep 17 00:00:00 2001 From: Davide Silvestri <75379892+silvestrid@users.noreply.github.com> Date: Fri, 27 Feb 2026 13:12:54 +0100 Subject: [PATCH 2/2] Upgrade redis server (#4889) --- ...de_redisserver_in_allinone_image_to_resolve_cves.json | 9 +++++++++ deploy/all-in-one/Dockerfile | 4 +++- 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 changelog/entries/unreleased/refactor/upgrade_redisserver_in_allinone_image_to_resolve_cves.json diff --git a/changelog/entries/unreleased/refactor/upgrade_redisserver_in_allinone_image_to_resolve_cves.json b/changelog/entries/unreleased/refactor/upgrade_redisserver_in_allinone_image_to_resolve_cves.json new file mode 100644 index 0000000000..8eb3d4d015 --- /dev/null +++ b/changelog/entries/unreleased/refactor/upgrade_redisserver_in_allinone_image_to_resolve_cves.json @@ -0,0 +1,9 @@ +{ + "type": "refactor", + "message": "Upgrade redis-server in all-in-one image to resolve CVEs", + "issue_origin": "github", + "issue_number": null, + "domain": "core", + "bullet_points": [], + "created_at": "2026-02-27" +} \ No newline at end of file diff --git a/deploy/all-in-one/Dockerfile b/deploy/all-in-one/Dockerfile index c354be8840..a9217e672f 100644 --- a/deploy/all-in-one/Dockerfile +++ b/deploy/all-in-one/Dockerfile @@ -119,11 +119,13 @@ SHELL ["/bin/bash", "-o", "pipefail", "-c"] # Install postgres + redis (PGDG repo already added in base stage) RUN --mount=type=cache,target=/var/cache/apt,sharing=locked \ --mount=type=cache,target=/var/lib/apt,sharing=locked \ + curl -fsSL https://packages.redis.io/gpg | gpg --batch --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg && \ + echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb trixie main" > /etc/apt/sources.list.d/redis.list && \ apt-get update && \ apt-get install --no-install-recommends -y \ "postgresql-${POSTGRES_VERSION}" \ "postgresql-${POSTGRES_VERSION}-pgvector" \ - redis-server && \ + redis && \ # Setup redis usermod -a -G tty redis && \ sed -i 's/daemonize yes/daemonize no/g' /etc/redis/redis.conf && \