-
Notifications
You must be signed in to change notification settings - Fork 406
DL3035
Moritz Röhrich edited this page Oct 21, 2020
·
1 revision
FROM opensuse/leap:15.2
RUN zypper update -y
FROM opensuse/leap:15.2
RUN zypper install -y httpd\>=2.4 && zypper clean
RUN zypper patch --cve=cve-2015-7547 && zypper clean
See DL3031, DL3005. Problems include:
- Updates failing on packages from base images in unprivileged containers
- Inconsistencies between builds producing problems for application developers
This rule lints against blanket updates and dist-upgrades, but allows more specific updates by two methods:
- use
zypper install -y $PACKAGE>=$VERSION
to upgrade a particular package, giving a version requirement. - use
zypper patch
to mitigate particular security vulnerabilities.