Commit

CVE-2024-28182: manually bumps libnghttp2 to 1.43.0-5.el9_4.3 until fixed in the base image
guicassolato committed Jun 3, 2024
1 parent dc90ac8 commit 4f5c087
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions Dockerfile
Expand Up @@ -2,6 +2,10 @@
# https://catalog.redhat.com/software/containers/ubi9/go-toolset
FROM registry.access.redhat.com/ubi9/go-toolset:1.21 AS builder
USER root

# CVE-2024-28182 | TODO: Remove it once fixed in the base image
RUN dnf --assumeyes install --nodocs libnghttp2-1.43.0-5.el9_4.3

WORKDIR /usr/src/authorino
COPY ./ ./
ARG version=latest
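Review bot: The `RUN dnf --assumeyes install --nodocs libnghttp2-1.43.0-5.el9_4.3` line sits in the `builder` stage, which is discarded after the build, and the build command in the next hunk's context runs with `CGO_ENABLED=0`, so this bump only affects the build-time image and not what ships. The comment should say so, so that nobody later reads it as the runtime fix and drops the one in the final stage. The TODO also has no tracking reference; linking the base-image issue or advisory would give a concrete trigger for removing the line.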
Expand All @@ -11,6 +15,9 @@ RUN CGO_ENABLED=0 GO111MODULE=on go build -a -ldflags "-X main.version=${version
# https://catalog.redhat.com/software/containers/ubi9-minimal
FROM registry.access.redhat.com/ubi9-minimal:latest

# CVE-2024-28182 | TODO: Remove it once fixed in the base image
RUN microdnf --assumeyes install --nodocs libnghttp2-1.43.0-5.el9_4.3

# shadow-utils is required for `useradd`
RUN PKGS="shadow-utils" \
&& microdnf --assumeyes install --nodocs $PKGS \
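Review bot: The new `RUN microdnf --assumeyes install --nodocs libnghttp2-1.43.0-5.el9_4.3` pins an exact package release on top of `ubi9-minimal:latest`, a floating tag, so nothing ties the pin to what the base image contains on a given build, and the TODO will not surface by itself once the base image carries the fix. Consider pinning the base image by digest while the workaround is in place, or adding a build step that prints `rpm -q libnghttp2` so the installed release is visible in the build log. The line also adds its own layer in the final image; folding the package into the `PKGS` install just below would keep the runtime stage to one package-manager step.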