nginxinc · ciarams87 · Sep 7, 2021 · Sep 6, 2021
diff --git a/build/Dockerfile b/build/Dockerfile
@@ -20,8 +20,8 @@ RUN apt-get update \
 FROM docker.io/library/nginx:1.21.1-alpine AS alpine
 
 RUN apk add --no-cache libcap \
-	# temporary fix for CVE-2021-3711
-	&& apk upgrade --no-cache libcrypto1.1 libssl1.1
+	# temporary fix for CVE-2021-33560
+	&& apk upgrade --no-cache libgcrypt
 
 
 ############################################# Base image for Alpine with NGINX Plus #############################################
@@ -32,9 +32,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \
 	--mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \
 	wget -nv -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub \
 	&& printf "%s\n" "https://pkgs.nginx.com/plus/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
-	&& apk add --no-cache libcap nginx-plus~${NGINX_PLUS_VERSION#r} nginx-plus-module-njs~${NGINX_PLUS_VERSION#r} \
-	# temporary fix for CVE-2021-3711 and CVE-2021-36159
-	&& apk upgrade --no-cache libcrypto1.1 libssl1.1 apk-tools
+	&& apk add --no-cache libcap nginx-plus~${NGINX_PLUS_VERSION#r} nginx-plus-module-njs~${NGINX_PLUS_VERSION#r} 
 
 
 ############################################# Base image for Debian with NGINX Plus #############################################