viaprog/seaweedfs
1
0
Fork 0
mirror of https://github.com/seaweedfs/seaweedfs.git synced 2026-06-13 23:36:45 +03:00
Code Issues Packages Projects Releases Wiki Activity

build(docker): upgrade all Alpine packages in final image (#9070)

Browse Source 
build(docker): apply full apk upgrade in final image to pick up security patches

Trivy flagged CVE-2026-28390 (libcrypto3/libssl3) on the published image
because the final stage only upgraded zlib. Broaden to `apk upgrade
--no-cache` so all Alpine security fixes land at build time.
This commit is contained in:
Chris Lu
2026-04-14 02:08:15 -07:00
committed by GitHub
parent ad2aa3135c
commit 9859f5fafc
4 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docker/Dockerfile.go_build
+1 -1
View File
@@ -56,7 +56,7 @@ COPY --from=builder /go/src/github.com/seaweedfs/seaweedfs/docker/entrypoint.sh
# To disable: docker run -e GODEBUG=fips140=off ...
# Install dependencies and create non-root user
RUN apk upgrade --no-cache zlib && \
RUN apk upgrade --no-cache && \
apk add --no-cache fuse curl su-exec libgcc libcrypto3 libssl3 && \
addgroup -g 1000 seaweed && \
adduser -D -u 1000 -G seaweed seaweed
docker/Dockerfile.local
+1 -1
View File
@@ -7,7 +7,7 @@ COPY ./filer.toml /etc/seaweedfs/filer.toml
COPY ./entrypoint.sh /entrypoint.sh
# Install dependencies and create non-root user
RUN apk upgrade --no-cache zlib && \
RUN apk upgrade --no-cache && \
apk add --no-cache fuse curl su-exec && \
addgroup -g 1000 seaweed && \
adduser -D -u 1000 -G seaweed seaweed
docker/Dockerfile.rocksdb_large
+1 -1
View File
@@ -34,7 +34,7 @@ COPY --from=builder /go/src/github.com/seaweedfs/seaweedfs/docker/filer_rocksdb.
COPY --from=builder /go/src/github.com/seaweedfs/seaweedfs/docker/entrypoint.sh /entrypoint.sh
# Install dependencies and create non-root user
RUN apk upgrade --no-cache zlib && \
RUN apk upgrade --no-cache && \
apk add --no-cache fuse snappy gflags curl su-exec && \
addgroup -g 1000 seaweed && \
adduser -D -u 1000 -G seaweed seaweed
docker/Dockerfile.rocksdb_large_local
+1 -1
View File
@@ -17,7 +17,7 @@ COPY --from=builder /go/src/github.com/seaweedfs/seaweedfs/docker/filer_rocksdb.
COPY --from=builder /go/src/github.com/seaweedfs/seaweedfs/docker/entrypoint.sh /entrypoint.sh
# Install dependencies and create non-root user
RUN apk upgrade --no-cache zlib && \
RUN apk upgrade --no-cache && \
apk add --no-cache fuse snappy gflags curl tmux su-exec && \
addgroup -g 1000 seaweed && \
adduser -D -u 1000 -G seaweed seaweed