🔒️(docker) patch libssl3 and libcrypto3 to address CVE-2024-12797
Added temporary root privileges to update OpenSSL libraries. Upgrades libssl3 and libcrypto3 to 3.3.3-r0 to fix HIGH severity vulnerability. Properly switches back to nginx user after updates. Maintains unprivileged execution while addressing security concern affecting RFC7250 Raw Public Keys authentication. Security: CVE-2024-12797
This commit is contained in:
lebaudantoine
committed by
aleb_the_flash
aleb_the_flash
parent
19804d2e3f
commit
b5037db685
@@ -34,6 +34,11 @@ RUN npm run build
|
||||
# ---- Front-end image ----
|
||||
FROM nginxinc/nginx-unprivileged:1.26-alpine AS frontend-production
|
||||
|
||||
USER root
|
||||
RUN apk update && apk upgrade libssl3 libcrypto3
|
||||
|
||||
USER nginx
|
||||
|
||||
# Un-privileged user running the application
|
||||
ARG DOCKER_USER
|
||||
USER ${DOCKER_USER}
|
||||
|
||||
Reference in New Issue
Block a user