Update alpine base image, OpenSSL version

This addresses multiple vulnerabilities found in OpenSSL, which is bundled in the Docker image to allow Webdis to connect to Redis over a secure TLS connection. Full list of CVEs to be published in the upcoming release notes for Webdis 0.1.22.
nicolasff · Aug 10, 2023 · 5251109 · 5251109
1 parent 496ac1a
commit 5251109
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.17.1 AS stage
+FROM alpine:3.18.3 AS stage
 LABEL maintainer="Nicolas Favre-Felix <n.favrefelix@gmail.com>"
 
 RUN apk update && apk add wget make gcc libevent-dev msgpack-c-dev musl-dev openssl-dev bsd-compat-headers jq
@@ -9,11 +9,11 @@ RUN cd webdis-$(cat latest) && make && make install && make clean && make SSL=1
 RUN sed -i -e 's/"daemonize":.*true,/"daemonize": false,/g' /etc/webdis.prod.json
 
 # main image
-FROM alpine:3.17.1
+FROM alpine:3.18.3
 # Required dependencies, with versions fixing known security vulnerabilities
 RUN apk update && apk add libevent msgpack-c openssl \
-    'redis>=6.2.10' 'libssl3>=3.0.8-r0' 'libcrypto3>=3.0.8-r1' \
-    'libssl1.1' 'libcrypto1.1>=1.1.1t-r0' && \
+    'redis>=6.2.10' 'libssl3>=3.0.10-r0' 'libcrypto3>=3.0.10-r0' \
+    'libssl1.1' 'libcrypto1.1>=1.1.1u-r1' && \
     rm -f /var/cache/apk/* /usr/bin/redis-benchmark /usr/bin/redis-cli
 COPY --from=stage /usr/local/bin/webdis /usr/local/bin/webdis-ssl /usr/local/bin/
 COPY --from=stage /etc/webdis.prod.json /etc/webdis.prod.json