Uploaded image for project: 'FOLIO'
  1. FOLIO
  2. FOLIO-3523

Fix Out-of-bounds Read in folio-ansible stripes Dockerfile

    XMLWordPrintable

Details

    • DevOps Sprint 142, DevOps Sprint 144, DevOps Sprint 145
    • FOLIO DevOps
    • TBD

    Description

      nginx:stable-alpine in https://github.com/folio-org/folio-ansible/blob/master/roles/stripes-docker/templates/Dockerfile.j2 contains

      pcre2/pcre2@10.39-r0

      that has Out-of-bounds Read vulnerabilities:

      A fix is available:

      pcre2/pcre2@10.40-r0

      However, nginx:stable-alpine doesn't immediately get security fixes: https://github.com/nginxinc/docker-nginx/issues/671

      Therefore RUN apk --no-cache upgrade is needed.

      TestRail: Results

        Attachments

          Activity

            People

              malc John Malconian
              julianladisch Julian Ladisch
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                TestRail: Runs

                  TestRail: Cases