From 5251109517aa0d294e39bf809600343d8ff29ecb Mon Sep 17 00:00:00 2001 From: Nicolas Favre-Felix Date: Thu, 10 Aug 2023 09:44:12 -0700 Subject: [PATCH] Update alpine base image, OpenSSL version This addresses multiple vulnerabilities found in OpenSSL, which is bundled in the Docker image to allow Webdis to connect to Redis over a secure TLS connection. Full list of CVEs to be published in the upcoming release notes for Webdis 0.1.22. --- Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index e238eb78..eb25acc6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.17.1 AS stage +FROM alpine:3.18.3 AS stage LABEL maintainer="Nicolas Favre-Felix " RUN apk update && apk add wget make gcc libevent-dev msgpack-c-dev musl-dev openssl-dev bsd-compat-headers jq @@ -9,11 +9,11 @@ RUN cd webdis-$(cat latest) && make && make install && make clean && make SSL=1 RUN sed -i -e 's/"daemonize":.*true,/"daemonize": false,/g' /etc/webdis.prod.json # main image -FROM alpine:3.17.1 +FROM alpine:3.18.3 # Required dependencies, with versions fixing known security vulnerabilities RUN apk update && apk add libevent msgpack-c openssl \ - 'redis>=6.2.10' 'libssl3>=3.0.8-r0' 'libcrypto3>=3.0.8-r1' \ - 'libssl1.1' 'libcrypto1.1>=1.1.1t-r0' && \ + 'redis>=6.2.10' 'libssl3>=3.0.10-r0' 'libcrypto3>=3.0.10-r0' \ + 'libssl1.1' 'libcrypto1.1>=1.1.1u-r1' && \ rm -f /var/cache/apk/* /usr/bin/redis-benchmark /usr/bin/redis-cli COPY --from=stage /usr/local/bin/webdis /usr/local/bin/webdis-ssl /usr/local/bin/ COPY --from=stage /etc/webdis.prod.json /etc/webdis.prod.json