docker · pcaskey · Jan 29, 2026 · Jan 29, 2026 · Jan 29, 2026 · Jan 29, 2026
diff --git a/Dockerfile b/Dockerfile
@@ -1,14 +1,14 @@
-FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:9.6
+FROM --platform=$TARGETPLATFORM rockylinux/rockylinux:9.7
 
 ########################
 ### VERSION SETTINGS ###
 ########################
 #
 ##tomcat \
 ENV TOMCAT_MAJOR=10 \
-    TOMCAT_VERSION=10.1.48 \
+    TOMCAT_VERSION=10.1.52 \
 ##shib-idp \
-    VERSION=5.1.6 \
+    VERSION=5.2.0 \
 ##TIER \
     TIERVERSION=20251106_rocky9_multiarch \
 #################### \

diff --git a/Jenkinsfile b/Jenkinsfile
@@ -98,9 +98,9 @@ pipeline {
                          echo "Scanning for all vulnerabilities..."
                          sh 'mkdir -p reports'
                          // 2 commented scans below are OS-only, in case timeout issues occur
-                         sh "trivy image --timeout 15m --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}_${tag}"
+                         sh "trivy image --timeout 60m --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}_${tag}"
                          // sh "trivy image --ignore-unfixed --vuln-type os --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan.html ${imagename}_${tag}"
-                         sh "trivy image --timeout 15m --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}_${tag}:arm64"
+                         sh "trivy image --timeout 60m --ignore-unfixed --vuln-type os,library --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}_${tag}:arm64"
                          // sh "trivy image --ignore-unfixed --vuln-type os --severity CRITICAL,HIGH --no-progress --security-checks vuln --format template --template '@html.tpl' -o reports/container-scan-arm.html ${imagename}_${tag}:arm64"
                          publishHTML target : [
                              allowMissing: true,

diff --git a/container_files/idp/idp.installer.properties b/container_files/idp/idp.installer.properties
@@ -1,4 +1,4 @@
-idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-5.1.6
+idp.src.dir=/tmp/shibboleth/shibboleth-identity-provider-5.2.0
 idp.target.dir=/opt/shibboleth-idp
 idp.host.name=idp.example.org
 idp.sealer.password=changeit

diff --git a/test-compose/sp/Dockerfile b/test-compose/sp/Dockerfile
@@ -1,4 +1,4 @@
-FROM i2incommon/shibboleth_sp:3.4.1_05152024_rocky9_multiarch
+FROM i2incommon/shibboleth_sp:3.5.1_09032025_rocky10_multiarch
 
 LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
       Vendor="TIER" \
@@ -28,6 +28,7 @@ HEALTHCHECK --interval=1m --timeout=30s \
   CMD curl -k -f https://127.0.0.1:8443/Shibboleth.sso/Status || exit 1
 
 RUN mkdir -p /run/php-fpm/
+RUN systemd-tmpfiles --create
 
 EXPOSE 8443