mirror of
https://github.com/fleetdm/fleet
synced 2026-05-24 09:28:54 +00:00
Resolves #43671.

Bumps the Alpine base image from 3.23.3 to 3.23.4 in the Dockerfiles that produce published images, picking up patched openssl, musl, and zlib packages. Follows the same pattern as #38977.

### CVEs resolved

- HIGH: CVE-2026-28388, CVE-2026-28389, CVE-2026-28390, CVE-2026-31790, CVE-2026-2673, CVE-2026-40200
- MEDIUM: CVE-2026-27171, CVE-2026-6042, CVE-2026-22184

### Test plan

- CI image build passes.
- Trivy/ECR scan on the resulting fleetdm/fleet image confirms the nine listed CVEs are gone.

<!-- This is an auto-generated comment: release notes by coderabbit.ai -->

## Summary by CodeRabbit

* **Chores**
  * Updated Docker base images to Alpine 3.23.4 across infrastructure and deployment components for improved stability and security.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
17 lines
792 B
Docker
FROM golang:1.26.2-alpine3.23@sha256:80fbb8f9b2fa541a7d34378f1ad10f4f1c433817c4ed39ddb3e2f3ec3e961271
ARG TAG
RUN apk update && apk add --no-cache git
RUN git clone -b $TAG --depth=1 --no-tags --progress --no-recurse-submodules https://github.com/fleetdm/fleet.git && cd /go/fleet/tools/mdm/migration/mdmproxy && go build .

FROM alpine:3.23.4@sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11
LABEL maintainer="Fleet Developers"

RUN apk update && apk add --no-cache tini
COPY --from=0 /go/fleet/tools/mdm/migration/mdmproxy/mdmproxy /usr/bin/mdmproxy
ADD --chmod=0755 ./entrypoint.sh /usr/bin/entrypoint.sh

# Create mdmproxy group and user
RUN addgroup -S mdmproxy && adduser -S mdmproxy -G mdmproxy
USER mdmproxy

ENTRYPOINT ["/sbin/tini", "/usr/bin/entrypoint.sh"]
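
The test plan above confirms the fix by scanning the built image; a check on the Dockerfile text can flag an unpinned or outdated base before anything is built. The following is an added example, not code from the Fleet repository: `parse_from`, `audit` and `MIN_ALPINE` are hypothetical names, and the `FROM alpine:3.23.3` line is a constructed sample.

```python
import re

MIN_ALPINE = (3, 23, 4)  # patched release named in the commit message
DIGEST_RE = re.compile(r"sha256:[0-9a-f]{64}")

# The two FROM lines of the Dockerfile shown above.
PAGE_FROM_LINES = (
    "FROM golang:1.26.2-alpine3.23@sha256:80fbb8f9b2fa541a7d34378f1ad10f4f1c433817c4ed39ddb3e2f3ec3e961271\n"
    "FROM alpine:3.23.4@sha256:5b10f432ef3da1b8d4c7eb6c487f2f5a8f096bc91145e68878dd4a5019afde11\n"
)
# Constructed sample: an unpinned reference to the release being replaced.
CONSTRUCTED_OLD = "FROM alpine:3.23.3\n"

def parse_from(line):
    """Split a FROM instruction into (repo, tag, digest, stage alias)."""
    parts = line.split()
    args = [p for p in parts[1:] if not p.startswith("--")]  # drop --platform
    if not args or parts[0].upper() != "FROM":
        return None
    alias = args[2] if len(args) >= 3 and args[1].upper() == "AS" else None
    name, _, digest = args[0].partition("@")
    repo, sep, tag = name.rpartition(":")
    if not sep or "/" in tag:  # no tag, or the colon belongs to a registry port
        repo, tag = name, None
    return repo, tag, digest or None, alias

def audit(dockerfile_text, min_alpine=MIN_ALPINE):
    """Return (line number, message) findings for external base images."""
    findings, stages = [], set()
    for lineno, line in enumerate(dockerfile_text.splitlines(), 1):
        parsed = parse_from(line)
        if parsed is None:
            continue
        repo, tag, digest, alias = parsed
        external = repo != "scratch" and repo not in stages
        if alias:
            stages.add(alias)
        if not external:
            continue  # scratch or an earlier build stage: nothing to pin
        if digest is None or not DIGEST_RE.fullmatch(digest):
            findings.append((lineno, f"{repo}: not pinned by sha256 digest"))
        if repo.rsplit("/", 1)[-1] == "alpine":
            # Only a bare alpine image states its release in the tag; a tag such
            # as golang's "-alpine3.23" does not, so the digest pin covers that.
            m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", tag or "")
            if m is None or tuple(map(int, m.groups())) < min_alpine:
                findings.append((lineno, f"{repo}:{tag} is not a release >= "
                                 + ".".join(map(str, min_alpine))))
    return findings
```

`audit(PAGE_FROM_LINES)` returns no findings, while `audit(CONSTRUCTED_OLD)` reports both the missing digest and the outdated release on line 1.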