In Case You Missed It: Docker Hub had a data breach. Password hashes and usernames were accessed. GitHub and BitBucket tokens were also accessed, but Docker revoked those on your behalf since they use OAuth for that.

Reset all passwords. NOW!!! – Especially if you have access to the OpenMRS Docker Hub Organization since anyone with access can push to Docker Hub with malicious images ripe with malware. I already changed all the passwords for accounts I have access to.

Details

Unauthorized access to Docker Hub database, by Kent Lamb (Director, Global Technical Support)

Breach details notice in docker forums

I have just reset mine now. Thanks @r0bby for always being on the top of the game!

Hi @cintiadr,

I’ve just got login failure at https://ci.openmrs.org/deploy/viewDeploymentResult.action?deploymentResultId=150536281

Have CI credentials been updated?

Yeah @raff , I updated it in CI (for example refapp build).

I mean, even your staging deploy worked. Looking it now.

Oh, I know why.

The content of the variables available during deployment are exactly how they were when the build (the source build, the beginning of the pipeline) was initiated. This is to ensure a consistent pipeline.

As the build was created a month ago, it had the old value.

I’m reran the build (same commit), so this new release will pick up the new value for the docker password. It’s deployed to qa and stg, successfully.

Perfect! Thanks a lot!