fleet/tools/fleet-docker/Dockerfile at 5263e95067fea758da1b4e2753affc8942da7080 - Elgato_dark/fleet - Forgejo: Beyond coding. We Forge.

Elgato_dark/fleet

mirror of https://github.com/fleetdm/fleet synced 2026-04-21 21:47:20 +00:00

Lucas Manuel Rodriguez ae00add76e

Update alpine to patch vulnerability with severity "HIGH" (#26593 )

The vulnerability was posted by a prospect.

Posting manual command until we get #25902 done.
```sh
trivy image --ignore-unfixed --pkg-types os,library --severity CRITICAL,HIGH --show-suppressed fleetdm/fleet:v4.64.1
[...]
fleetdm/fleet:v4.64.1 (alpine 3.21.0)

Total: 2 (HIGH: 2, CRITICAL: 0)

┌────────────┬────────────────┬──────────┬────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────┐
│  Library   │ Vulnerability  │ Severity │ Status │ Installed Version │ Fixed Version │                          Title                           │
├────────────┼────────────────┼──────────┼────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────┤
│ libcrypto3 │ CVE-2024-12797 │ HIGH     │ fixed  │ 3.3.2-r4          │ 3.3.3-r0      │ openssl: RFC7250 handshakes with unauthenticated servers │
│            │                │          │        │                   │               │ don't abort as expected                                  │
│            │                │          │        │                   │               │ https://avd.aquasec.com/nvd/cve-2024-12797               │
├────────────┤                │          │        │                   │               │                                                          │
│ libssl3    │                │          │        │                   │               │                                                          │
│            │                │          │        │                   │               │                                                          │
│            │                │          │        │                   │               │                                                          │
└────────────┴────────────────┴──────────┴────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────┘
```

2025-02-25 18:33:24 -03:00

14 lines

331 B

Docker

Raw Blame History

 FROM alpine:3.21.3@sha256:a8560b36e8b8210634f77d9f7f9efd7ffa463e380b75e2e74aff4511df3ef88c
 LABEL maintainer="Fleet Developers"
 RUN apk --update add ca-certificates
 RUN apk --no-cache add jq
 # Create fleet group and user
 RUN addgroup -S fleet && adduser -S fleet -G fleet
 USER fleet
 COPY fleet /usr/bin/
 CMD ["fleet", "serve"]