[FOLIO-3631] platform-minimal Dockerfile apk upgrade fixing curl Created: 08/Nov/22  Updated: 08/Nov/22  Resolved: 08/Nov/22

Status: Closed
Project: FOLIO
Components: Continuous Integration
Affects versions: None
Fix versions: None

Type: Bug Priority: TBD
Reporter: Julian Ladisch Assignee: Julian Ladisch
Resolution: Done Votes: 0
Labels: security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Issue links:
Relates
relates to FOLIO-3633 platform-core Dockerfile apk upgrade ... Closed
relates to FOLIO-3634 platform-complete Dockerfile apk upgr... Closed
Sprint:
Development Team: Stripes Force
RCA Group: Related dependency upgrade

 Description   

Use apk upgrade in https://github.com/folio-org/platform-minimal/blob/master/docker/Dockerfile
to nstall latest patch versions of packages:
https://pythonspeed.com/articles/security-updates-in-docker/

This will upgrade curl fixing Double Free and Cleartext Transmission of Sensitive Information:
https://www.cve.org/CVERecord?id=CVE-2022-42915
https://www.cve.org/CVERecord?id=CVE-2022-42916
https://security.snyk.io/vuln/SNYK-ALPINE316-CURL-3063711


Generated at Thu Feb 08 23:29:32 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.