#14 Upgrade zlib to fix CVE-2018-25032

cloudogu · Apr 6, 2022 · 2a3aac5 · 2a3aac5
1 parent adcf263
commit 2a3aac5
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,14 +6,18 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Fixed
+- Upgrade zlib to fix [CVE-2018-25032](https://security.alpinelinux.org/vuln/CVE-2018-25032); #13
+- Upgrade ssl libraries to 1.1-1.1.1n-r0 and fix [CVE-2022-0778](https://security.alpinelinux.org/vuln/CVE-2022-0778)
 
 ### Changed
+- Upgrade base image to 3.15.3-1
+- Changes in the CI process
+   - Update dogu-build-lib to `v1.1.1`
+   - Update zalenium-build-lib to `v2.1.0`
+   - toggle video recording with build parameter (#4)
 
-- Update dogu-build-lib to `v1.1.1`
-- Update zalenium-build-lib to `v2.1.0`
-- toggle video recording with build parameter (#4)
-
-## [v3.25.0-1] - 2020-05-26
+## [v3.25.0-2] - 2020-05-26
 ### Added
 - added template for the index page
 - added etcd key to set the SwaggerValidator

diff --git a/Dockerfile b/Dockerfile
@@ -7,15 +7,16 @@ RUN npm i
 COPY / /usr/share/build/
 RUN npm run build
 
-FROM registry.cloudogu.com/official/base:3.10.3-2
+FROM registry.cloudogu.com/official/base:3.15.3-1
 LABEL NAME="official/swaggerui" \
       VERSION="3.25.0-2" \
-      maintainer="christian.beyer@cloudogu.com"
+      maintainer="hello@cloudogu.com"
 
 ENV SERVICE_TAGS=webapp
 
-RUN set -x \
+RUN set -x -o errexit -o nounset -o pipefail \
  && apk update \
+ && apk upgrade \
  # install required packages
  && apk --update add openssl pcre zlib nginx \
  # change owner of nginx binary