Don't wait for alpine to build image with security fixes

hashicorp · Nov 17, 2023 · 89056d3 · 89056d3
1 parent ee25293
commit 89056d3
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -26,7 +26,13 @@ LABEL revision=$PRODUCT_REVISION
 ARG UID=100
 ARG GID=1000
 # Create a non-root user to run the software.
-RUN addgroup -g ${GID} ${BIN_NAME} \
+# Install security updates not included in alpine:3.18.4.
+# libcrypto3: CVE-2023-5363 CVE-2023-5678
+# libssl3: CVE-2023-5363 CVE-2023-5678
+RUN apk --no-cache upgrade \
+    libcrypto3 \
+    libssl3 \
+    && addgroup -g ${GID} ${BIN_NAME} \
     && adduser -u ${UID} -S -G ${BIN_NAME} ${BIN_NAME}
 
 # where the build system stores the builds