Update ELK Images

[elasticmachine]

Update ELK Images

[github-actions]

Diff for 417c0f9:

diff --git a/_bashbrew-cat b/_bashbrew-cat
index 7b08a91..dd4064f 100644
--- a/_bashbrew-cat
+++ b/_bashbrew-cat
@@ -9,10 +9,10 @@ Architectures: amd64, arm64v8
 GitFetch: refs/heads/7.17
 GitCommit: 9ae9896e426721527703fcb2d43f2610afbd88ee
 
-Tags: 8.14.3
+Tags: 8.15.0
 Architectures: amd64, arm64v8
-GitFetch: refs/heads/8.14
-GitCommit: 1281351b137229a96022f864d5b3cbd544f83871
+GitFetch: refs/heads/8.15
+GitCommit: 59cef71220e73a0d09bf5bb9b2322b9198d1bab4
 
 
 # kibana
@@ -26,10 +26,10 @@ Architectures: amd64, arm64v8
 GitFetch: refs/heads/7.17
 GitCommit: 9ae9896e426721527703fcb2d43f2610afbd88ee
 
-Tags: 8.14.3
+Tags: 8.15.0
 Architectures: amd64, arm64v8
-GitFetch: refs/heads/8.14
-GitCommit: 1281351b137229a96022f864d5b3cbd544f83871
+GitFetch: refs/heads/8.15
+GitCommit: 59cef71220e73a0d09bf5bb9b2322b9198d1bab4
 
 
 # logstash
@@ -43,7 +43,7 @@ Architectures: amd64, arm64v8
 GitFetch: refs/heads/7.17
 GitCommit: 9ae9896e426721527703fcb2d43f2610afbd88ee
 
-Tags: 8.14.3
+Tags: 8.15.0
 Architectures: amd64, arm64v8
-GitFetch: refs/heads/8.14
-GitCommit: 1281351b137229a96022f864d5b3cbd544f83871
+GitFetch: refs/heads/8.15
+GitCommit: 59cef71220e73a0d09bf5bb9b2322b9198d1bab4
diff --git a/_bashbrew-list b/_bashbrew-list
index 472bc99..62e1fef 100644
--- a/_bashbrew-list
+++ b/_bashbrew-list
@@ -1,6 +1,6 @@
 elasticsearch:7.17.23
-elasticsearch:8.14.3
+elasticsearch:8.15.0
 kibana:7.17.23
-kibana:8.14.3
+kibana:8.15.0
 logstash:7.17.23
-logstash:8.14.3
+logstash:8.15.0
diff --git a/_bashbrew-list-build-order b/_bashbrew-list-build-order
index 472bc99..62e1fef 100644
--- a/_bashbrew-list-build-order
+++ b/_bashbrew-list-build-order
@@ -1,6 +1,6 @@
 elasticsearch:7.17.23
-elasticsearch:8.14.3
+elasticsearch:8.15.0
 kibana:7.17.23
-kibana:8.14.3
+kibana:8.15.0
 logstash:7.17.23
-logstash:8.14.3
+logstash:8.15.0
diff --git a/elasticsearch_8.14.3/Dockerfile b/elasticsearch_8.15.0/Dockerfile
similarity index 94%
rename from elasticsearch_8.14.3/Dockerfile
rename to elasticsearch_8.15.0/Dockerfile
index c92224e..e8e50fd 100644
--- a/elasticsearch_8.14.3/Dockerfile
+++ b/elasticsearch_8.15.0/Dockerfile
@@ -43,7 +43,7 @@ RUN set -eux ; \
 RUN mkdir /usr/share/elasticsearch
 WORKDIR /usr/share/elasticsearch
 
-RUN curl --retry 10 -S -L --output /tmp/elasticsearch.tar.gz https://artifacts-no-kpi.elastic.co/downloads/elasticsearch/elasticsearch-8.14.3-linux-$(arch).tar.gz
+RUN curl --retry 10 -S -L --output /tmp/elasticsearch.tar.gz https://artifacts-no-kpi.elastic.co/downloads/elasticsearch/elasticsearch-8.15.0-linux-$(arch).tar.gz
 
 RUN tar -zxf /tmp/elasticsearch.tar.gz --strip-components=1
 
@@ -135,25 +135,25 @@ RUN /etc/ca-certificates/update.d/docker-openjdk
 
 EXPOSE 9200 9300
 
-LABEL org.label-schema.build-date="2024-07-07T22:04:49.882652950Z" \
+LABEL org.label-schema.build-date="2024-08-05T10:05:34.233336849Z" \
   org.label-schema.license="Elastic-License-2.0" \
   org.label-schema.name="Elasticsearch" \
   org.label-schema.schema-version="1.0" \
   org.label-schema.url="https://www.elastic.co/products/elasticsearch" \
   org.label-schema.usage="https://www.elastic.co/guide/en/elasticsearch/reference/index.html" \
-  org.label-schema.vcs-ref="d55f984299e0e88dee72ebd8255f7ff130859ad0" \
+  org.label-schema.vcs-ref="1a77947f34deddb41af25e6f0ddb8e830159c179" \
   org.label-schema.vcs-url="https://github.com/elastic/elasticsearch" \
   org.label-schema.vendor="Elastic" \
-  org.label-schema.version="8.14.3" \
-  org.opencontainers.image.created="2024-07-07T22:04:49.882652950Z" \
+  org.label-schema.version="8.15.0" \
+  org.opencontainers.image.created="2024-08-05T10:05:34.233336849Z" \
   org.opencontainers.image.documentation="https://www.elastic.co/guide/en/elasticsearch/reference/index.html" \
   org.opencontainers.image.licenses="Elastic-License-2.0" \
-  org.opencontainers.image.revision="d55f984299e0e88dee72ebd8255f7ff130859ad0" \
+  org.opencontainers.image.revision="1a77947f34deddb41af25e6f0ddb8e830159c179" \
   org.opencontainers.image.source="https://github.com/elastic/elasticsearch" \
   org.opencontainers.image.title="Elasticsearch" \
   org.opencontainers.image.url="https://www.elastic.co/products/elasticsearch" \
   org.opencontainers.image.vendor="Elastic" \
-  org.opencontainers.image.version="8.14.3"
+  org.opencontainers.image.version="8.15.0"
 
 # Our actual entrypoint is `tini`, a minimal but functional init program. It
 # calls the entrypoint we provide, while correctly forwarding signals.
diff --git a/elasticsearch_8.14.3/bin/docker-entrypoint.sh b/elasticsearch_8.15.0/bin/docker-entrypoint.sh
similarity index 100%
rename from elasticsearch_8.14.3/bin/docker-entrypoint.sh
rename to elasticsearch_8.15.0/bin/docker-entrypoint.sh
diff --git a/elasticsearch_8.14.3/bin/docker-openjdk b/elasticsearch_8.15.0/bin/docker-openjdk
similarity index 100%
rename from elasticsearch_8.14.3/bin/docker-openjdk
rename to elasticsearch_8.15.0/bin/docker-openjdk
diff --git a/elasticsearch_8.14.3/config/elasticsearch.yml b/elasticsearch_8.15.0/config/elasticsearch.yml
similarity index 100%
rename from elasticsearch_8.14.3/config/elasticsearch.yml
rename to elasticsearch_8.15.0/config/elasticsearch.yml
diff --git a/elasticsearch_8.14.3/config/log4j2.properties b/elasticsearch_8.15.0/config/log4j2.properties
similarity index 100%
rename from elasticsearch_8.14.3/config/log4j2.properties
rename to elasticsearch_8.15.0/config/log4j2.properties
diff --git a/kibana_8.14.3/Dockerfile b/kibana_8.15.0/Dockerfile
similarity index 80%
rename from kibana_8.14.3/Dockerfile
rename to kibana_8.15.0/Dockerfile
index 201a993..ecb36cf 100644
--- a/kibana_8.14.3/Dockerfile
+++ b/kibana_8.15.0/Dockerfile
@@ -16,41 +16,20 @@ RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y curl
 RUN cd /tmp && \
   curl --retry 8 -s -L \
     --output kibana.tar.gz \
-     https://artifacts.elastic.co/downloads/kibana/kibana-8.14.3-linux-$(arch).tar.gz && \
+     https://artifacts.elastic.co/downloads/kibana/kibana-8.15.0-linux-$(arch).tar.gz && \
   cd -
 
-
 RUN mkdir /usr/share/kibana
 WORKDIR /usr/share/kibana
-RUN tar --strip-components=1 -zxf /tmp/kibana.tar.gz
+RUN tar \
+  --strip-components=1 \
+  -zxf /tmp/kibana.tar.gz
 # Ensure that group permissions are the same as user permissions.
 # This will help when relying on GID-0 to run Kibana, rather than UID-1000.
 # OpenShift does this, for example.
 # REF: https://docs.openshift.org/latest/creating_images/guidelines.html
 RUN chmod -R g=u /usr/share/kibana
 
-
-################################################################################
-# Build stage 1 (the actual Kibana image):
-#
-# Copy kibana from stage 0
-# Add entrypoint
-################################################################################
-FROM ubuntu:20.04
-EXPOSE 5601
-
-RUN for iter in {1..10}; do \
-      export DEBIAN_FRONTEND=noninteractive && \
-      apt-get update  && \
-      apt-get upgrade -y  && \
-      apt-get install -y --no-install-recommends \
-       fontconfig fonts-liberation libnss3 libfontconfig1 ca-certificates curl && \
-      apt-get clean && \
-      rm -rf /var/lib/apt/lists/* && exit_code=0 && break || exit_code=$? && echo "apt-get error: retry $iter in 10s" && \
-      sleep 10; \
-    done; \
-    (exit $exit_code)
-
 # Add an init process, check the checksum to make sure it's a match
 RUN set -e ; \
     TINI_BIN="" ; \
@@ -70,14 +49,38 @@ RUN set -e ; \
   rm "${TINI_BIN}.sha256sum" ; \
   mv "${TINI_BIN}" /bin/tini ; \
   chmod +x /bin/tini
+RUN mkdir -p /usr/share/fonts/local && \
+  curl --retry 8 -S -L -o /usr/share/fonts/local/NotoSansCJK-Regular.ttc https://github.com/googlefonts/noto-cjk/raw/NotoSansV2.001/NotoSansCJK-Regular.ttc && \
+  echo "5dcd1c336cc9344cb77c03a0cd8982ca8a7dc97d620fd6c9c434e02dcb1ceeb3  /usr/share/fonts/local/NotoSansCJK-Regular.ttc" | sha256sum -c -
 
-RUN mkdir /usr/share/fonts/local
-RUN curl --retry 8 -S -L -o /usr/share/fonts/local/NotoSansCJK-Regular.ttc https://github.com/googlefonts/noto-cjk/raw/NotoSansV2.001/NotoSansCJK-Regular.ttc
-RUN echo "5dcd1c336cc9344cb77c03a0cd8982ca8a7dc97d620fd6c9c434e02dcb1ceeb3  /usr/share/fonts/local/NotoSansCJK-Regular.ttc" | sha256sum -c -
-RUN fc-cache -v
+
+################################################################################
+# Build stage 1 (the actual Kibana image):
+#
+# Copy kibana from stage 0
+# Add entrypoint
+################################################################################
+FROM ubuntu:20.04
+EXPOSE 5601
+
+RUN for iter in {1..10}; do \
+      export DEBIAN_FRONTEND=noninteractive && \
+      apt-get update  && \
+      apt-get upgrade -y  && \
+      apt-get install -y --no-install-recommends \
+       fontconfig libnss3 curl ca-certificates && \
+      apt-get clean && \
+      rm -rf /var/lib/apt/lists/* && exit_code=0 && break || exit_code=$? && echo "apt-get error: retry $iter in 10s" && \
+      sleep 10; \
+    done; \
+    (exit $exit_code)
 
 # Bring in Kibana from the initial stage.
 COPY --from=builder --chown=1000:0 /usr/share/kibana /usr/share/kibana
+COPY --from=builder --chown=0:0 /bin/tini /bin/tini
+# Load reporting fonts
+COPY --from=builder --chown=0:0 /usr/share/fonts/local/NotoSansCJK-Regular.ttc /usr/share/fonts/local/NotoSansCJK-Regular.ttc
+RUN fc-cache -v
 WORKDIR /usr/share/kibana
 RUN ln -s /usr/share/kibana /opt/kibana
 
@@ -104,25 +107,25 @@ RUN groupadd --gid 1000 kibana && \
       --home-dir /usr/share/kibana --no-create-home \
       kibana
 
-LABEL org.label-schema.build-date="2024-07-09T00:12:32.954Z" \
+LABEL org.label-schema.build-date="2024-08-05T11:09:44.913Z" \
   org.label-schema.license="Elastic License" \
   org.label-schema.name="Kibana" \
   org.label-schema.schema-version="1.0" \
   org.label-schema.url="https://www.elastic.co/products/kibana" \
   org.label-schema.usage="https://www.elastic.co/guide/en/kibana/reference/index.html" \
-  org.label-schema.vcs-ref="465f50087cd040ef03e6ccec1cb7737427a713ce" \
+  org.label-schema.vcs-ref="8aa0b59da12c996e3048d8875446667ee6e15c7f" \
   org.label-schema.vcs-url="https://github.com/elastic/kibana" \
   org.label-schema.vendor="Elastic" \
-  org.label-schema.version="8.14.3" \
-  org.opencontainers.image.created="2024-07-09T00:12:32.954Z" \
+  org.label-schema.version="8.15.0" \
+  org.opencontainers.image.created="2024-08-05T11:09:44.913Z" \
   org.opencontainers.image.documentation="https://www.elastic.co/guide/en/kibana/reference/index.html" \
   org.opencontainers.image.licenses="Elastic License" \
-  org.opencontainers.image.revision="465f50087cd040ef03e6ccec1cb7737427a713ce" \
+  org.opencontainers.image.revision="8aa0b59da12c996e3048d8875446667ee6e15c7f" \
   org.opencontainers.image.source="https://github.com/elastic/kibana" \
   org.opencontainers.image.title="Kibana" \
   org.opencontainers.image.url="https://www.elastic.co/products/kibana" \
   org.opencontainers.image.vendor="Elastic" \
-  org.opencontainers.image.version="8.14.3"
+  org.opencontainers.image.version="8.15.0"
 
 
 ENTRYPOINT ["/bin/tini", "--"]
diff --git a/kibana_8.14.3/bin/kibana-docker b/kibana_8.15.0/bin/kibana-docker
similarity index 99%
rename from kibana_8.14.3/bin/kibana-docker
rename to kibana_8.15.0/bin/kibana-docker
index a82b87c..10fcbe6 100755
--- a/kibana_8.14.3/bin/kibana-docker
+++ b/kibana_8.15.0/bin/kibana-docker
@@ -156,11 +156,13 @@ kibana_vars=(
     server.customResponseHeaders
     server.defaultRoute
     server.host
+    server.http2.allowUnsecure
     server.keepAliveTimeout
     server.maxPayload
     server.maxPayloadBytes
     server.name
     server.port
+    server.protocol
     server.publicBaseUrl
     server.requestId.allowFromAnyIp
     server.requestId.ipAllowlist
@@ -388,6 +390,7 @@ kibana_vars=(
     xpack.security.authc.selector.enabled
     xpack.security.cookieName
     xpack.security.encryptionKey
+    xpack.security.experimental.fipsMode.enabled
     xpack.security.loginAssistanceMessage
     xpack.security.loginHelp
     xpack.security.sameSiteCookies
diff --git a/kibana_8.14.3/config/kibana.yml b/kibana_8.15.0/config/kibana.yml
similarity index 100%
rename from kibana_8.14.3/config/kibana.yml
rename to kibana_8.15.0/config/kibana.yml
diff --git a/logstash_8.14.3/Dockerfile b/logstash_8.15.0/Dockerfile
similarity index 80%
rename from logstash_8.14.3/Dockerfile
rename to logstash_8.15.0/Dockerfile
index fe98e11..6b60039 100644
--- a/logstash_8.14.3/Dockerfile
+++ b/logstash_8.15.0/Dockerfile
@@ -5,15 +6,15 @@ FROM ubuntu:20.04
 
 RUN for iter in {1..10}; do \
       export DEBIAN_FRONTEND=noninteractive && \
-apt-get update -y && \
-apt-get upgrade -y && \
-apt-get install -y procps findutils tar gzip && \
+    apt-get update -y && \
+  apt-get upgrade -y && \
+  apt-get install -y procps findutils tar gzip && \
         apt-get install -y locales && \
         apt-get install -y curl && \
-apt-get clean all && \
+    apt-get clean all && \
       locale-gen 'en_US.UTF-8' && \
     apt-get clean metadata && \
-exit_code=0 && break || exit_code=$? && \
+  exit_code=0 && break || exit_code=$? && \
 echo "packaging error: retry $iter in 10s" && \
 apt-get clean all && \
   apt-get clean metadata && \
@@ -25,9 +26,9 @@ RUN groupadd --gid 1000 logstash && \
   adduser --uid 1000 --gid 1000 --home /usr/share/logstash --no-create-home logstash
 
 # Add Logstash itself.
-RUN curl -Lo - https://artifacts.elastic.co/downloads/logstash/logstash-8.14.3-linux-$(arch).tar.gz | \
+RUN curl -Lo - https://artifacts.elastic.co/downloads/logstash/logstash-8.15.0-linux-$(arch).tar.gz | \
   tar zxf - -C /usr/share && \
-  mv /usr/share/logstash-8.14.3 /usr/share/logstash && \
+  mv /usr/share/logstash-8.15.0 /usr/share/logstash && \
   chown --recursive logstash:logstash /usr/share/logstash/ && \
   chown -R logstash:root /usr/share/logstash && \
   chmod -R g=u /usr/share/logstash && \
@@ -46,12 +47,12 @@ ENV PATH=/usr/share/logstash/bin:$PATH
   COPY config/logstash-full.yml config/logstash.yml
 COPY config/pipelines.yml config/log4j2.properties config/log4j2.file.properties config/
 COPY pipeline/default.conf pipeline/logstash.conf
-COPY env2yaml/env2yaml-amd64 env2yaml/env2yaml-arm64 env2yaml/
 
 RUN chown --recursive logstash:root config/ pipeline/
 # Ensure Logstash gets the correct locale by default.
 ENV LANG=en_US.UTF-8 LC_ALL=en_US.UTF-8
 
+COPY env2yaml/env2yaml-amd64 env2yaml/env2yaml-arm64 env2yaml/
 # Copy over the appropriate env2yaml artifact
 RUN env2yamlarch="$(dpkg --print-architecture)"; \
   case "${env2yamlarch}" in \
@@ -63,6 +64,7 @@ RUN env2yamlarch="$(dpkg --print-architecture)"; \
       ;; \
     *) echo >&2 "error: unsupported architecture '$env2yamlarch'"; exit 1 ;; \
   esac; \
+  mkdir -p /usr/local/bin; \
   cp env2yaml/env2yaml-${env2yamlarch} /usr/local/bin/env2yaml; \
   rm -rf env2yaml
 # Place the startup wrapper script.
@@ -80,14 +82,14 @@ LABEL  org.label-schema.schema-version="1.0" \
   org.opencontainers.image.vendor="Elastic" \
   org.label-schema.name="logstash" \
   org.opencontainers.image.title="logstash" \
-  org.label-schema.version="8.14.3" \
-  org.opencontainers.image.version="8.14.3" \
+  org.label-schema.version="8.15.0" \
+  org.opencontainers.image.version="8.15.0" \
   org.label-schema.url="https://www.elastic.co/products/logstash" \
   org.label-schema.vcs-url="https://github.com/elastic/logstash" \
   org.label-schema.license="Elastic License" \
   org.opencontainers.image.licenses="Elastic License" \
   org.opencontainers.image.description="Logstash is a free and open server-side data processing pipeline that ingests data from a multitude of sources, transforms it, and then sends it to your favorite 'stash.'" \
-  org.label-schema.build-date=2024-07-04T08:40:49+00:00 \
-  org.opencontainers.image.created=2024-07-04T08:40:49+00:00
+  org.label-schema.build-date=2024-07-24T10:13:18+00:00 \
+  org.opencontainers.image.created=2024-07-24T10:13:18+00:00
 
 ENTRYPOINT ["/usr/local/bin/docker-entrypoint"]
diff --git a/logstash_8.14.3/bin/docker-entrypoint b/logstash_8.15.0/bin/docker-entrypoint
similarity index 100%
rename from logstash_8.14.3/bin/docker-entrypoint
rename to logstash_8.15.0/bin/docker-entrypoint
diff --git a/logstash_8.14.3/config/log4j2.file.properties b/logstash_8.15.0/config/log4j2.file.properties
similarity index 100%
rename from logstash_8.14.3/config/log4j2.file.properties
rename to logstash_8.15.0/config/log4j2.file.properties
diff --git a/logstash_8.14.3/config/log4j2.properties b/logstash_8.15.0/config/log4j2.properties
similarity index 100%
rename from logstash_8.14.3/config/log4j2.properties
rename to logstash_8.15.0/config/log4j2.properties
diff --git a/logstash_8.14.3/config/logstash-full.yml b/logstash_8.15.0/config/logstash-full.yml
similarity index 100%
rename from logstash_8.14.3/config/logstash-full.yml
rename to logstash_8.15.0/config/logstash-full.yml
diff --git a/logstash_8.14.3/config/pipelines.yml b/logstash_8.15.0/config/pipelines.yml
similarity index 100%
rename from logstash_8.14.3/config/pipelines.yml
rename to logstash_8.15.0/config/pipelines.yml
diff --git a/logstash_8.14.3/env2yaml/env2yaml-amd64 b/logstash_8.15.0/env2yaml/env2yaml-amd64
similarity index 100%
rename from logstash_8.14.3/env2yaml/env2yaml-amd64
rename to logstash_8.15.0/env2yaml/env2yaml-amd64
diff --git a/logstash_8.14.3/env2yaml/env2yaml-arm64 b/logstash_8.15.0/env2yaml/env2yaml-arm64
similarity index 100%
rename from logstash_8.14.3/env2yaml/env2yaml-arm64
rename to logstash_8.15.0/env2yaml/env2yaml-arm64
diff --git a/logstash_8.14.3/pipeline/default.conf b/logstash_8.15.0/pipeline/default.conf
similarity index 100%
rename from logstash_8.14.3/pipeline/default.conf
rename to logstash_8.15.0/pipeline/default.conf

Relevant Maintainers:

• elasticsearch: @mark-vieira
• kibana: @jbudz
• logstash: @jsvd

[yosifkit]

We recommend against using blanket package upgrades (apt-get upgrade/apk upgrade/yum upgrade/yum update) for official-images. When package upgrades are applied in a dependent image, it duplicates content of the base image, making the image larger than necessary. It also only delays the inevitable "there are outdated packages". The Official Images build pipeline only rebuilds on a update to the Dockerfile or a base image update, so we make periodic base image updates to then fully rebuild all dependent images (e.g., the Debian and Ubuntu images are updated a least every 30 days).

We strive to publish updated images at least monthly for Debian. We also rebuild earlier if there is a critical security need, e.g. docker-library/official-images#2171. Many Official Images are maintained by the community or their respective upstream projects, like Ubuntu, Alpine, and Oracle Linux, and are subject to their own maintenance schedule. These refreshed base images also means that any other image in the Official Images program that is FROM them will also be rebuilt (as described in the project README.md file).

- https://github.com/docker-library/faq/tree/0ad5fd60288109c875a54a37f6581b2deaa836db#why-does-my-security-scanner-show-that-an-image-has-cves