Update Dockerfiles to address CVEs and improve dependency versions

2026-05-24 09:28:37 +00:00 · 2024-11-08 16:09:12 +01:00 · 2024-11-08 16:09:12 +01:00 · 8de3c5a2a0
commit 8de3c5a2a0
parent fe2a37743b
4 changed files with 3 additions and 7 deletions
--- a/src/autoconf/Dockerfile
+++ b/src/autoconf/Dockerfile
@ -44,7 +44,7 @@ RUN apk add --no-cache bash tzdata && \
  adduser -h /var/cache/autoconf -g autoconf -s /bin/sh -G autoconf -D -H -u 101 autoconf

 # Fix CVEs
-RUN apk add --no-cache "libcrypto3>=3.3.2-r1" "libssl3>=3.3.2-r1" "openssl>=3.3.2-r1" # CVE-2024-6119
+RUN apk add --no-cache "libcrypto3>=3.3.2-r1" "libssl3>=3.3.2-r1" # CVE-2024-9143

 # Copy dependencies
 COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
--- a/src/bw/Dockerfile
+++ b/src/bw/Dockerfile
@ -51,8 +51,7 @@ RUN umask 027
 RUN apk add --no-cache openssl pcre bash python3 yajl geoip libxml2 libgd curl tzdata

 # Fix CVEs
-RUN apk add --no-cache "curl>=8.9.1-r0" "libcurl>=8.9.1-r0" "pyc>=3.12.3-r2" "python3>=3.12.3-r2" "python3-pyc>=3.12.3-r2" "python3-pycache-pyc0>=3.12.3-r2" # CVE-2024-7264 CVE-2024-8088
-RUN apk add --no-cache "libcrypto3>=3.3.2-r1" "libssl3>=3.3.2-r1" "openssl>=3.3.2-r1" # CVE-2024-6119
+RUN apk add --no-cache "curl>=8.11.0-r0" "libcurl>=8.11.0-r0" # CVE-2024-9681

 # Copy dependencies
 COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb
--- a/src/scheduler/Dockerfile
+++ b/src/scheduler/Dockerfile
@ -46,8 +46,6 @@ RUN apk add --no-cache bash unzip libgcc libstdc++ libpq openssl libmagic mariad
  adduser -h /var/cache/nginx -g scheduler -s /bin/sh -G scheduler -D -H -u 101 scheduler

 # Fix CVEs
-RUN apk add --no-cache "libcrypto3>=3.3.2-r1" "libssl3>=3.3.2-r1" "openssl>=3.3.2-r1" # CVE-2024-6119
-RUN apk add --no-cache "libpq>=16.4-r0" "postgresql16-client" # CVE-2024-7348

 # Cleanup
 RUN rm -rf /var/cache/apk/*
--- a/src/ui/Dockerfile
+++ b/src/ui/Dockerfile
@ -46,8 +46,7 @@ RUN apk add --no-cache bash unzip libmagic mariadb-connector-c mariadb-client po
  adduser -h /var/cache/nginx -g ui -s /bin/bash -G ui -D -H -u 101 ui

 # Fix CVEs
-RUN apk add --no-cache "libcrypto3>=3.3.2-r1" "libssl3>=3.3.2-r1" "openssl>=3.3.2-r1" # CVE-2024-6119
-RUN apk add --no-cache "libpq>=16.4-r0" "postgresql16-client" # CVE-2024-7348
+RUN apk add --no-cache "libcrypto3>=3.3.2-r1" "libssl3>=3.3.2-r1" # CVE-2024-9143

 # Copy dependencies
 COPY --from=builder --chown=0:101 /usr/share/bunkerweb /usr/share/bunkerweb