Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-23 17:08:36 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Fix multiple CVEs (see comment) (finally)

Browse source
This commit is contained in:
Théophile Diot 2023-02-22 10:13:34 +01:00
parent 10ec01e7b0
commit 7a8a75901f
No known key found for this signature in database
GPG key ID: E752C80DB72BB014
5 changed files with 7 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
.github/workflows/dev.yml vendored
View file

@ -47,7 +47,7 @@ jobs:
exit-code: 1
ignore-unfixed: false
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
trivyignores: .trivyignore
# trivyignores: .trivyignore
# BW scheduler tests
scheduler:
@ -91,7 +91,7 @@ jobs:
exit-code: 1
ignore-unfixed: false
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
trivyignores: .trivyignore
# trivyignores: .trivyignore
# BW autoconf tests
autoconf:
@ -135,7 +135,7 @@ jobs:
exit-code: 1
ignore-unfixed: false
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
trivyignores: .trivyignore
# trivyignores: .trivyignore
# BW UI tests
ui:
@ -180,7 +180,7 @@ jobs:
exit-code: 1
ignore-unfixed: false
severity: UNKNOWN,LOW,MEDIUM,HIGH,CRITICAL
trivyignores: .trivyignore
# trivyignores: .trivyignore
# Python code security
code-security:

4
.trivyignore
View file

@ -1,4 +0,0 @@
# libcurl 7.87.0-r2 and curl 7.87.0-r2 are not yet available in python:3.11-alpine
CVE-2023-23916
CVE-2023-23914
CVE-2023-23915

2
src/autoconf/Dockerfile
View file

@ -54,7 +54,7 @@ RUN apk add --no-cache bash && \
chmod 770 /var/log/letsencrypt /var/lib/letsencrypt
# Fix CVEs
RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" "git>=2.36.5-r0"
RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" "git>=2.36.5-r0" "curl>=7.87.0-r2" "libcurl>=7.87.0-r2"
VOLUME /data /etc/nginx

2
src/scheduler/Dockerfile
View file

@ -64,7 +64,7 @@ RUN apk add --no-cache bash libgcc libstdc++ openssl && \
chmod 660 /usr/share/bunkerweb/INTEGRATION
# Fix CVEs
RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" "git>=2.36.5-r0"
RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" "git>=2.36.5-r0" "curl>=7.87.0-r2" "libcurl>=7.87.0-r2"
VOLUME /data /etc/nginx

2
src/ui/Dockerfile
View file

@ -50,7 +50,7 @@ RUN apk add --no-cache bash && \
chmod 660 /usr/share/bunkerweb/INTEGRATION
# Fix CVEs
RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" "git>=2.36.5-r0"
RUN apk add "libssl1.1>=1.1.1q-r0" "libcrypto1.1>=1.1.1q-r0" "libxml2>=2.9.14-r1" "expat>=2.5.0-r0" "git>=2.36.5-r0" "curl>=7.87.0-r2" "libcurl>=7.87.0-r2"
VOLUME /data /etc/nginx