From b5037db685803b9189f7787156a6533283114b90 Mon Sep 17 00:00:00 2001 From: lebaudantoine Date: Wed, 12 Feb 2025 11:06:20 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(docker)=20patch=20libssl3?= =?UTF-8?q?=20and=20libcrypto3=20to=20address=20CVE-2024-12797?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Added temporary root privileges to update OpenSSL libraries. Upgrades libssl3 and libcrypto3 to 3.3.3-r0 to fix HIGH severity vulnerability. Properly switches back to nginx user after updates. Maintains unprivileged execution while addressing security concern affecting RFC7250 Raw Public Keys authentication. Security: CVE-2024-12797 --- src/frontend/Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/frontend/Dockerfile b/src/frontend/Dockerfile index 406a2e5d..c32ac588 100644 --- a/src/frontend/Dockerfile +++ b/src/frontend/Dockerfile @@ -34,6 +34,11 @@ RUN npm run build # ---- Front-end image ---- FROM nginxinc/nginx-unprivileged:1.26-alpine AS frontend-production +USER root +RUN apk update && apk upgrade libssl3 libcrypto3 + +USER nginx + # Un-privileged user running the application ARG DOCKER_USER USER ${DOCKER_USER}
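Review bot: The added `RUN apk update && apk upgrade libssl3 libcrypto3` does not enforce the 3.3.3-r0 floor named in the commit message; the installed version is whatever the Alpine repository serves at build time, and a reused cached layer may still carry an older build. Stating the floor in the command, for example `RUN apk add --no-cache --upgrade 'libssl3>=3.3.3-r0' 'libcrypto3>=3.3.3-r0'`, makes the build fail rather than silently ship the library affected by CVE-2024-12797. The `--no-cache` option also keeps the package index that `apk update` downloads out of the image layer. A comment above `USER root`, such as `# Temporary: upgrade OpenSSL for CVE-2024-12797; remove once the base image ships the fixed packages`, would tell maintainers when this root section can be dropped. The `frontend-production` stage continues past the end of the hunk, so the final effective user depends on the existing `USER ${DOCKER_USER}` line and on how `DOCKER_USER` is supplied at build time.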