Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add PostgreSQL client and libpq to Dockerfiles to address CVE-2024-7348

Browse source
This commit is contained in:
Théophile Diot 2024-11-01 13:17:42 +01:00
parent 6a7d3ebc34
commit 29993335b8
No known key found for this signature in database
GPG key ID: FA995104A0BA376A
2 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/scheduler/Dockerfile
View file

@ -47,6 +47,7 @@ RUN apk add --no-cache bash unzip libgcc libstdc++ libpq openssl libmagic mariad
# Fix CVEs
RUN apk add --no-cache "libcrypto3>=3.3.2-r1" "libssl3>=3.3.2-r1" "openssl>=3.3.2-r1" # CVE-2024-6119
RUN apk add --no-cache "libpq>=16.4-r0" "postgresql16-client" # CVE-2024-7348
# Cleanup
RUN rm -rf /var/cache/apk/*

1
src/ui/Dockerfile
View file

@ -47,6 +47,7 @@ RUN apk add --no-cache bash unzip libmagic mariadb-connector-c mariadb-client po
# Fix CVEs
RUN apk add --no-cache "libcrypto3>=3.3.2-r1" "libssl3>=3.3.2-r1" "openssl>=3.3.2-r1" # CVE-2024-6119
RUN apk add --no-cache "libpq>=16.4-r0" "postgresql16-client" # CVE-2024-7348
# Copy dependencies
COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb