Skip to content

Commit

Permalink
🔒️(docker) patch libssl3 and libcrypto3 to address CVE-2024-12797
Browse files Browse the repository at this point in the history 
Added temporary root privileges to update OpenSSL libraries. Upgrades libssl3
and libcrypto3 to 3.3.3-r0 to fix HIGH severity vulnerability. Properly
switches back to nginx user after updates. Maintains unprivileged execution
while addressing security concern affecting RFC7250 Raw Public Keys
authentication.

Security: CVE-2024-12797
  • Loading branch information
@lebaudantoine
lebaudantoine committed Feb 12, 2025
1 parent 19804d2 commit b5037db
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/frontend/Dockerfile
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,11 @@ RUN npm run build
# ---- Front-end image ----
FROM nginxinc/nginx-unprivileged:1.26-alpine AS frontend-production

USER root
RUN apk update && apk upgrade libssl3 libcrypto3

USER nginx

# Un-privileged user running the application
ARG DOCKER_USER
USER ${DOCKER_USER}
Expand Down

0 comments on commit b5037db

Please sign in to comment.