Skip to content

Commit 43d6a98

Browse files
bjee19bjee19
authored
Update Dockerfile alpine packages for cve fixes (#3973) (#3983)
Cherry-pick #3973. Update Dockerfile alpine packages libexpat and tiff to fix cves.
1 parent 877c415 commit 43d6a98

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

build/Dockerfile.nginx

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,9 @@ FROM scratch AS nginx-files
55
ADD --link --chown=101:1001 https://cs.nginx.com/static/keys/nginx_signing.rsa.pub nginx_signing.rsa.pub
66

77
FROM nginx:1.29.1-alpine-otel
8+
# the following apk update and add are to address CVE-2025-59375 and CVE-2025-8961/CVE-2025-9165 respectively,
9+
# once a new base image is available with these package updates, they can be removed.
10+
RUN apk update && apk add --no-cache 'libexpat>=2.7.2-r0' 'tiff>=4.7.1-r0'
811

912
# renovate: datasource=github-tags depName=nginx/agent
1013
ARG NGINX_AGENT_VERSION=v3.3.1

0 commit comments

Comments
 (0)