Upgrade CF Buildpack and NGINX to address CVEs

• Upgraded to use CF Buildpack v4.28.4 #146
  • Addresses CVE-2022-21449
• Upgraded NGINX to version 1.20 in the ubi8 rootfs image
  • Addresses CVE-2021-23017

Updated to CF Buildpack v4.24.0

• Updated to use CF Buildpack v4.24.0 #135 #134
  • This updates CF Buildpack dependencies to the latest version, including fixes for CVE-2021-44228 and CVE-2021-45046
  • Images built with the default Docker Mendix Buildpack settings are not expected to contain the vulnerable log4j-core library. However vulnerable versions of log4j-core might still be present if they're included through project modules or Java actions.
  • To confirm that your container images are not affected by the log4j CVEs, use a container security scanner - for example, the Trivy container image scanner.
• Switched rootfs from the full ubi image to ubi-minimal - to exclude unnecessary dependencies and improve CVE scores #134

Updated to CF Buildpack v4.20.0

• Updated to use CF Buildpack to v4.20.0 #128
• Fixed permissions for a path used by the Datadog agent

Support for Siemens Industrial Edge, CF Buildpack improvements

Added support to load environment variables from a file (#121).

Other improvements (#122):

• Upgraded to CF Buildpack v4.17.1
• Fixed offline licenses when running as root.
• Prevent privilege escalations (newgrp 0) in non-OpenShift clusters.
• In non-OpenShift clusters, the Unable to fixup permissions of directory message will no longer be displayed when running with the default 1001 user.
• Fixed an error message when container is terminated with CTRL+C.

Offline support, fixed Datadog permissions

• Added BLOBSTORE and CF_BUILDPACK_URL configuration options #110, #116 so that the Docker Buildpack can be used with a private CDN
• Upgraded to CF Buildpack v4.15.4 to fix an issue with Datadog file permissions #119

Support for RHEL (ubi8), improved security

• Updated pinned version of CF Buildpack to v4.15.1.
• Using NGINX provided by the base OS instead of NGINX included with the CF Buildpack
• Added support to build images based on RHEL (ubi8). This significantly improves CVE scan results with when building a Mendix app with the default settings.

⚠️ The default ROOTFS_IMAGE has been switched from mendix/rootfs:bionic to mendix/rootfs:ubi8.

Updated to CF Buildpack v4.14.1, hotfix for logfilter

• Updated pinned version of CF Buildpack to v4.14.1.
• When using EXCLUDE_LOGFILTER=true, all copies of mendix-logfilter are now deleted.

Update to CF Buildpack v4.13.6, improved security

• Updated pinned version of CF Buildpack to v4.13.6
• Using pinned CF Buildpack releases to improve build stability (see more details in the CF Buildpack v4.11.0 Release)
• Documented which Docker versions are supported
• Switched from Travis CI to GitHub Actions for integration tests
• Prevent auto-setting of CF_INSTANCE_INDEX when it is already explicitly set in the environment (#106)
• Removed build-time and rarely used components to improve security scores of the base image:
  • Excluded mendix-logfilter which is only needed when using the EXCLUDE_LOGFILTER environment variable.
  • Build-time dependencies such as libgdiplus are now uninstalled from the resulting image.

Update build process and CF Buildpack to v.4.9.4

• Updated build process to stop the build when there is a compilation error
• Updated pinned version of CF Buildpack to v4.9.4

Update default cf buildpack version to v4.5.8

Updated pinned version of CF Buildpack to v4.5.8