Skip to content

Commit b0ce613

Browse files
bjee19bjee19
committed
Update libexpat and tiff to fix cves
1 parent 4fb351e commit b0ce613

File tree

1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed

build/Dockerfile.nginx

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,11 @@ FROM scratch AS nginx-files
55
ADD --link --chown=101:1001 https://cs.nginx.com/static/keys/nginx_signing.rsa.pub nginx_signing.rsa.pub
66

77
FROM nginx:1.29.1-alpine-otel
8+
# the following apk update and add are to address CVE-2025-59375 and CVE-2025-8961 respectively,
9+
# once a new base image is available with these package updates, they can be removed
10+
RUN apk update && apk add --no-cache \
11+
'libexpat=2.7.2-r0' \
12+
'tiff=4.7.1-r0'
813

914
# renovate: datasource=github-tags depName=nginx/agent
1015
ARG NGINX_AGENT_VERSION=v3.3.2

0 commit comments

Comments
 (0)