Skip to content

Fix - ImageMagick vulnerability fix#27454

Closed
harshsoni2024 wants to merge 3 commits intomainfrom
ImageMagick_vul_fix
Closed

Fix - ImageMagick vulnerability fix#27454
harshsoni2024 wants to merge 3 commits intomainfrom
ImageMagick_vul_fix

Conversation

@harshsoni2024
Copy link
Copy Markdown
Contributor

@harshsoni2024 harshsoni2024 commented Apr 17, 2026
edited
Loading

Type of change:

  • Bug fix
  • Improvement
  • New feature
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation

Checklist:

  • I have read the CONTRIBUTING document.
  • My PR title is Fixes <issue-number>: <short explanation>
  • I have commented on my code, particularly in hard-to-understand areas.
  • For JSON Schema changes: I updated the migration scripts or explained why it is not needed.

Summary by Gitar

  • Dependency updates:
    • Updated ImageMagick and library dependencies in ingestion/Dockerfile and ingestion/Dockerfile.ci for security patching.

This will update automatically on new commits.

@harshsoni2024 harshsoni2024 requested a review from a team as a code owner April 17, 2026 07:48
Copilot AI review requested due to automatic review settings April 17, 2026 07:48
@github-actions github-actions Bot added Ingestion safe to test Add this label to run secure Github workflows on PRs labels Apr 17, 2026
Copilot AI reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the ingestion container build to remediate an ImageMagick vulnerability by attempting to upgrade ImageMagick-related OS packages during Docker image builds.

Changes:

  • Add an apt-get install --only-upgrade step for imagemagick and Magick dev packages in the ingestion Docker images.
  • Apply the same change to both the standard ingestion image and the CI variant.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
ingestion/Dockerfile Adds an ImageMagick-related package upgrade step during image build.
ingestion/Dockerfile.ci Adds the same ImageMagick-related package upgrade step for CI builds.

Comment thread ingestion/Dockerfile Outdated
Comment thread ingestion/Dockerfile.ci Outdated
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 17, 2026
edited
Loading

🟡 Playwright Results — all passed (16 flaky)

✅ 3957 passed · ❌ 0 failed · 🟡 16 flaky · ⏭️ 86 skipped

Shard Passed Failed Flaky Skipped
🟡 Shard 1 297 0 2 4
🟡 Shard 2 755 0 4 8
🟡 Shard 3 730 0 2 7
🟡 Shard 4 757 0 2 18
✅ Shard 5 687 0 0 41
🟡 Shard 6 731 0 6 8
🟡 16 flaky test(s) (passed on retry)
  • Pages/AuditLogs.spec.ts › should apply both User and EntityType filters simultaneously (shard 1, 2 retries)
  • Pages/UserCreationWithPersona.spec.ts › Create user with persona and verify on profile (shard 1, 1 retry)
  • Features/ActivityAPI.spec.ts › Activity event is created when description is updated (shard 2, 1 retry)
  • Features/ActivityAPI.spec.ts › Activity event shows the actor who made the change (shard 2, 1 retry)
  • Features/DomainFilterQueryFilter.spec.ts › Assets from selected domain should be visible in explore page (shard 2, 1 retry)
  • Features/DomainFilterQueryFilter.spec.ts › Domain filter should persist across page navigation (shard 2, 1 retry)
  • Features/RTL.spec.ts › Verify Following widget functionality (shard 3, 1 retry)
  • Features/UserProfileOnlineStatus.spec.ts › Should not show online status for inactive users (shard 3, 1 retry)
  • Pages/DataContracts.spec.ts › Create Data Contract and validate for Table (shard 4, 1 retry)
  • Pages/DataContractsSemanticRules.spec.ts › Validate DataProduct Rule Any_In (shard 4, 1 retry)
  • Features/AutoPilot.spec.ts › Agents created by AutoPilot should be deleted (shard 6, 1 retry)
  • Pages/Lineage/DataAssetLineage.spec.ts › Column lineage for dashboardDataModel -> table (shard 6, 1 retry)
  • Pages/Lineage/LineageFilters.spec.ts › Verify Impact Analysis service filter selection (shard 6, 1 retry)
  • Pages/ODCSImportExport.spec.ts › Multi-object ODCS contract - object selector shows all schema objects (shard 6, 1 retry)
  • Pages/TasksUIFlow.spec.ts › Verify task lifecycle in activity feed (shard 6, 1 retry)
  • Pages/UserDetails.spec.ts › Create team with domain and verify visibility of inherited domain in user profile after team removal (shard 6, 1 retry)

📦 Download artifacts

How to debug locally 
# Download playwright-test-results-<shard> artifact and unzip
npx playwright show-trace path/to/trace.zip    # view trace

@gitar-bot
Copy link
Copy Markdown

gitar-bot Bot commented Apr 27, 2026
edited
Loading

Code Review ✅ Approved

Updates ImageMagick dependencies to remediate identified security vulnerabilities. No further issues found.

Options

Display: compact → Showing less information.

Comment with these commands to change:

Compact 
gitar display:verbose

Was this helpful? React with 👍 / 👎 | Gitar

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 27, 2026

Quality Gate Passed Quality Gate passed for 'open-metadata-ingestion'

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

Ingestion safe to test Add this label to run secure Github workflows on PRs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@harshsoni2024