From e106415740e0dba74b93787794f6804845330bc9 Mon Sep 17 00:00:00 2001
From: lebaudantoine
Date: Sun, 16 Mar 2025 16:28:32 +0100
Subject: [PATCH] =?UTF-8?q?=F0=9F=94=92=EF=B8=8F(frontend)=20update=20meet?= =?UTF-8?q?-frontend=20image=20to=20address=20security=20vuls?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixed two HIGH severity vulnerabilities in libxslt:
- CVE-2024-55549: Use-After-Free in libxslt (xsltGetInheritedNsList)
- CVE-2025-24855: Use-After-Free in libxslt numbers.c
The image was manually updated as no more recent unprivileged nginx-based images were available. This addresses the security scan failures from Trivy.
---
 src/frontend/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/frontend/Dockerfile b/src/frontend/Dockerfile
index 4f5a550b..33704d90 100644
--- a/src/frontend/Dockerfile
+++ b/src/frontend/Dockerfile
@@ -38,7 +38,7 @@ RUN npm run build
 FROM nginxinc/nginx-unprivileged:1.26-alpine AS frontend-production
 USER root
-RUN apk update && apk upgrade libssl3 libcrypto3 libxml2>=2.12.7-r2
+RUN apk update && apk upgrade libssl3 libcrypto3 libxml2>=2.12.7-r2 libxslt>=1.1.39-r2
 USER nginx
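Review bot: On the new `RUN apk update && apk upgrade …` line the `>=` constraints are unquoted, and the shell form of `RUN` passes the line through `/bin/sh`, so `libxslt>=1.1.39-r2` is parsed as the word `libxslt` with stdout redirected to a file named `=1.1.39-r2` (the existing `libxml2>=2.12.7-r2` has the same problem). apk therefore never sees a minimum version: the build succeeds with whatever libxslt the repository index offers at build time, and stray `=…` files are written into the layer as root. Quote the specs, e.g. `RUN apk update && apk upgrade libssl3 libcrypto3 'libxml2>=2.12.7-r2' 'libxslt>=1.1.39-r2'`, and confirm that `apk upgrade` actually honours a version constraint; if it does not, `apk add --no-cache --upgrade 'libxslt>=1.1.39-r2'` is the usual way to express a floor. Since the motivation is a Trivy finding, printing the installed libxslt version during the build, or scanning the built image in CI, would show whether the fixed package really landed.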