[FOLIO-3900] Run apk upgrade in mod-spring-petstore Dockerfile to fix security vulnerabilities
| Created: 21/Sep/23 | Updated: 28/Sep/23 |
|
| Status: | Open |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Bug | Priority: | P3 |
| Reporter: | Julian Ladisch | Assignee: | Viachaslau Khandramai (Inactive) |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | security, security-reviewed |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Sprint: | |
| Development Team: | Spring Force |
| RCA Group: | Related dependency upgrade |
| Description |
|
This issue is about https://github.com/folio-org/folio-sample-modules/blob/master/mod-spring-petstore/Dockerfile

Install latest patch versions of packages: https://pythonspeed.com/articles/security-updates-in-docker/

If not running apk upgrade, the module may ship with vulnerable Alpine packages even when fixed packages are available.

Task: Copy the sample Dockerfile from https://github.com/folio-org/folio-tools/tree/master/folio-java-docker/openjdk17#sample-module-dockerfile into https://github.com/folio-org/folio-sample-modules/blob/master/mod-spring-petstore/Dockerfile |
| Comments |
| Comment by Craig McNally [ 28/Sep/23 ] |
|
While this isn't production code, the Security Team feels it's important to get this updated since it serves as an example for module developers. |
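
A check for the problem the description raises, as an added example that is not part of the ticket or of FOLIO's code: a shell function that reports whether the final (shipped) stage of a Dockerfile runs `apk upgrade`. The two sample Dockerfiles are constructed, and the check assumes the final stage is Alpine-based; it goes slightly beyond the ticket by handling multi-stage builds, where an upgrade in an earlier stage does not patch the shipped image.

```shell
#!/bin/sh
# Added example (not FOLIO code). Assumption: the final stage is Alpine-based.

# check_apk_upgrade [FILE]: reads a Dockerfile (or stdin), prints "ok" and
# returns 0 if the last build stage runs `apk upgrade`, else "missing" and 1.
check_apk_upgrade() {
  awk '
    /^[ \t]*#/ { next }                 # comments, also inside a continued RUN
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }  # join continuations
    { line = buf $0; buf = "" }
    toupper(line) ~ /^[ \t]*FROM[ \t]/ { stages++; upgraded = 0; next }  # new stage resets
    # apk upgrade with optional global flags; "apk add --upgrade pkg" does not count
    toupper(line) ~ /^[ \t]*RUN[ \t]/ && line ~ /apk[ \t]+(-[^ \t]+[ \t]+)*upgrade/ { upgraded = 1 }
    END { if (stages > 0 && upgraded) { print "ok"; exit 0 }
          print "missing"; exit 1 }
  ' "$@"
}

# Constructed sample: the upgrade runs only in the build stage, so the
# shipped stage still carries whatever packages the base image had.
sample_unpatched() {
  cat <<'EOF'
FROM alpine:3.18 AS build
RUN apk upgrade --no-cache
FROM alpine:3.18
COPY --from=build /app /app
EOF
}

# Constructed sample: the shipped stage installs the latest patch versions.
sample_patched() {
  cat <<'EOF'
FROM alpine:3.18
# Install latest patch versions of packages
RUN apk update \
 && apk --no-cache upgrade
COPY app.jar /app/app.jar
EOF
}

for s in sample_unpatched sample_patched; do
  printf '%s: %s\n' "$s" "$($s | check_apk_upgrade)"
done
```

In CI, `check_apk_upgrade Dockerfile` can gate a build on its exit status.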