From ef71d19bd4fca5555a4cba6b06da7060025fd228 Mon Sep 17 00:00:00 2001
From: Shayna Atkinson <satkinson@sphericalcowgroup.com>
Date: Mon, 2 Oct 2023 19:21:25 +0000
Subject: [PATCH 1/2] add CSP headers to Apache config (CO-2705)

---
 comanage-match-base/apache-include-virtual-host-port443-base    | 1 +
 comanage-match-base/apache-include-virtual-host-port80-redirect | 1 +
 comanage-match-internet2-tap/Dockerfile                         | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/comanage-match-base/apache-include-virtual-host-port443-base b/comanage-match-base/apache-include-virtual-host-port443-base
index 044b231..1fc9131 100644
--- a/comanage-match-base/apache-include-virtual-host-port443-base
+++ b/comanage-match-base/apache-include-virtual-host-port443-base
@@ -7,6 +7,7 @@ RedirectMatch ^/$ /match/
 LogLevel warn
 
 Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
+Header set Content-Security-Policy "frame-ancestors 'self';"
 
 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
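Review bot: The added `Header set Content-Security-Policy "frame-ancestors 'self';"` line omits the `always` condition used by the Strict-Transport-Security line directly above it, so mod_headers puts it only on successful responses and leaves it off error pages and internally generated redirects. Suggest `Header always set Content-Security-Policy "frame-ancestors 'self';"` so the framing restriction covers every response. The same applies to the identical line added in apache-include-virtual-host-port80-redirect, where the visible lines answer requests with a mod_rewrite 302; without `always` the header probably never reaches a client from that virtual host. Both virtual host definitions continue outside their hunks, so confirm that no later directive already sets the header unconditionally.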
diff --git a/comanage-match-base/apache-include-virtual-host-port80-redirect b/comanage-match-base/apache-include-virtual-host-port80-redirect
index f4b5383..a8a14a7 100644
--- a/comanage-match-base/apache-include-virtual-host-port80-redirect
+++ b/comanage-match-base/apache-include-virtual-host-port80-redirect
@@ -1,5 +1,6 @@
 <VirtualHost *:80>
 ServerName http://${COMANAGE_MATCH_VIRTUAL_HOST_FQDN}:80
+Header set Content-Security-Policy "frame-ancestors 'self';"
 RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteRule ^ https://%{HTTP_HOST}:443%{REQUEST_URI} [R=302,L,QSA]
diff --git a/comanage-match-internet2-tap/Dockerfile b/comanage-match-internet2-tap/Dockerfile
index cbafca6..85b4819 100644
--- a/comanage-match-internet2-tap/Dockerfile
+++ b/comanage-match-internet2-tap/Dockerfile
@@ -141,7 +141,7 @@ EXPOSE 80 443
 # following line (to prevent other scripts from processing it).
 #####     ENV TIER_BEACON_OPT_OUT True
 
-ENV TIER_RELEASE=230929
+ENV TIER_RELEASE=231002
 ENV TIER_MAINTAINER=tier
 
 ENTRYPOINT ["docker-supervisord-entrypoint"]

From 8748304e4b7bf9a0ba8f869ef2dbdf380f5ab65d Mon Sep 17 00:00:00 2001
From: Shayna Atkinson <satkinson@sphericalcowgroup.com>
Date: Mon, 11 Dec 2023 22:05:33 +0000
Subject: [PATCH 2/2] bump version to 1.2.1, upgrade PHP to 8.1.26, upgrade
 base Postgres image to 14.10

---
 Jenkinsfile                                  | 2 +-
 comanage-match-base/Dockerfile               | 2 +-
 comanage-match-base/README.md                | 2 +-
 comanage-match-internet2-tap-base/Dockerfile | 2 +-
 comanage-match-internet2-tap/Dockerfile      | 2 +-
 comanage-match-internet2-tap/README.md       | 4 ++--
 comanage-match-postgres/Dockerfile           | 2 +-
 common.bash                                  | 2 +-
 8 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/Jenkinsfile b/Jenkinsfile
index 74a4ed5..054d616 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -5,7 +5,7 @@ pipeline {
         maintainer_credential_ref = 'dockerhub-tier'
         imagename = 'g'
         tag = 'l'
-        version='1.2.0'
+        version='1.2.1'
     }
     stages {
         stage('Setting build context') {
diff --git a/comanage-match-base/Dockerfile b/comanage-match-base/Dockerfile
index 38fa236..8f25bc0 100644
--- a/comanage-match-base/Dockerfile
+++ b/comanage-match-base/Dockerfile
@@ -16,7 +16,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM php:8.1.23-apache-bullseye
+FROM php:8.1.26-apache-bullseye
 
 # Official PHP image with Apache HTTPD includes
 # --with-openssl
diff --git a/comanage-match-base/README.md b/comanage-match-base/README.md
index e5faded..8cc99bb 100644
--- a/comanage-match-base/README.md
+++ b/comanage-match-base/README.md
@@ -53,7 +53,7 @@ docker build \
 ## Building Example
 
 ```
-export COMANAGE_MATCH_VERSION=1.2.0
+export COMANAGE_MATCH_VERSION=1.2.1
 export COMANAGE_MATCH_BASE_IMAGE_VERSION=1
 TAG="${COMANAGE_MATCH_VERSION}-${COMANAGE_MATCH_BASE_IMAGE_VERSION}"
 docker build \
diff --git a/comanage-match-internet2-tap-base/Dockerfile b/comanage-match-internet2-tap-base/Dockerfile
index d711903..2b89e32 100644
--- a/comanage-match-internet2-tap-base/Dockerfile
+++ b/comanage-match-internet2-tap-base/Dockerfile
@@ -25,7 +25,7 @@ RUN yum -y remove \
     postgresql-devel \
     postgresql
 
-ARG PHP_VERSION=8.1.23
+ARG PHP_VERSION=8.1.26
 ARG PHP_SRC_URL=https://github.com/php/php-src/archive/php-${PHP_VERSION}.tar.gz
 
 RUN yum -y install epel-release \
diff --git a/comanage-match-internet2-tap/Dockerfile b/comanage-match-internet2-tap/Dockerfile
index 85b4819..bdbfb6b 100644
--- a/comanage-match-internet2-tap/Dockerfile
+++ b/comanage-match-internet2-tap/Dockerfile
@@ -141,7 +141,7 @@ EXPOSE 80 443
 # following line (to prevent other scripts from processing it).
 #####     ENV TIER_BEACON_OPT_OUT True
 
-ENV TIER_RELEASE=231002
+ENV TIER_RELEASE=231211
 ENV TIER_MAINTAINER=tier
 
 ENTRYPOINT ["docker-supervisord-entrypoint"]
diff --git a/comanage-match-internet2-tap/README.md b/comanage-match-internet2-tap/README.md
index 8d6c0d7..4925ca4 100644
--- a/comanage-match-internet2-tap/README.md
+++ b/comanage-match-internet2-tap/README.md
@@ -59,7 +59,7 @@ docker build \
 ## Building Example
 
 ```
-export COMANAGE_MATCH_VERSION=1.2.0
+export COMANAGE_MATCH_VERSION=1.2.1
 export COMANAGE_MATCH_BASE_IMAGE_VERSION=1
 export COMANAGE_MATCH_I2_BASE_IMAGE_VERSION=1
 export COMANAGE_MATCH_I2_IMAGE_VERSION=1
@@ -133,7 +133,7 @@ docker run -d \
   -v /etc/shibboleth/my-org-metadata.xml:/etc/shibboleth/my-org-metadata.xml \
   -p 80:80 \
   -p 443:443 \
-  comanage-match:1.2.0-internet2-tap-1
+  comanage-match:1.2.1-internet2-tap-1
 ```
 
 ## Logging
diff --git a/comanage-match-postgres/Dockerfile b/comanage-match-postgres/Dockerfile
index 5f4ed96..181d0e2 100644
--- a/comanage-match-postgres/Dockerfile
+++ b/comanage-match-postgres/Dockerfile
@@ -16,7 +16,7 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM postgres:14.4
+FROM postgres:14.10
 
 #RUN apt-get update && apt-get install -y \
     #         postgresql-contrib-9.6 \
diff --git a/common.bash b/common.bash
index 7f4d84f..4724965 100644
--- a/common.bash
+++ b/common.bash
@@ -1,3 +1,3 @@
 maintainer="i2incommon"
 imagename="comanage-match"
-COMANAGE_MATCH_VERSION="1.2.0"
+COMANAGE_MATCH_VERSION="1.2.1"