[FOLIO-3900] Run apk upgrade in mod-spring-petstore Dockerfile to fix security vulnerabilities

Created: 21/Sep/23
Updated: 28/Sep/23

Status: Open
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Bug
Priority: P3
Reporter: Julian Ladisch
Assignee: Viachaslau Khandramai (Inactive)
Resolution: Unresolved
Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Development Team: Spring Force
RCA Group: Related dependency upgrade

Description

This issue is about https://github.com/folio-org/folio-sample-modules/blob/master/mod-spring-petstore/Dockerfile

https://github.com/folio-org/folio-tools/tree/master/folio-java-docker/openjdk17#sample-module-dockerfile suggests:

Install latest patch versions of packages: https://pythonspeed.com/articles/security-updates-in-docker/

If apk upgrade is not run, the module may ship with vulnerable Alpine packages even when fixed packages are available.

Task: Copy the sample Dockerfile from https://github.com/folio-org/folio-tools/tree/master/folio-java-docker/openjdk17#sample-module-dockerfile into https://github.com/folio-org/folio-sample-modules/blob/master/mod-spring-petstore/Dockerfile
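
One way to catch the gap described above in CI, as an added example that is not part of this issue or of FOLIO's code: the check fails when the final (shipped) stage of a Dockerfile never runs `apk upgrade`, since an upgrade in an earlier build stage does not patch the image that ships. The function names, the base image `example/alpine-jre:17` and the `app` user are constructed for illustration.

```shell
# Added example, not FOLIO code: CI check that the shipped (final) stage of a
# Dockerfile runs "apk upgrade". Heredoc-style RUN blocks are not handled.

# final_stage_upgrades FILE: exit 0 if the last build stage runs apk upgrade.
final_stage_upgrades() {
    awk '
        # Docker drops comment lines, including ones inside a continuation.
        /^[ \t]*#/ { next }
        # Join backslash-continued lines into one logical instruction.
        { line = pending $0; pending = "" }
        line ~ /\\[ \t]*$/ { sub(/\\[ \t]*$/, " ", line); pending = line; next }
        { sub(/^[ \t]+/, "", line); instr = tolower(line) " " }
        # Each FROM starts a new stage; only the last stage is shipped.
        instr ~ /^from[ \t]/ { found = 0; next }
        # Accept "apk upgrade" and "apk --no-cache upgrade", not "apk add".
        instr ~ /^run[ \t]/ &&
            instr ~ /[^a-z0-9_-]apk([ \t]+-[^ \t]+)*[ \t]+upgrade[^a-z]/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# check_dockerfiles FILE...: report each file, return 1 if any file fails.
check_dockerfiles() {
    rc=0
    for f in "$@"; do
        if final_stage_upgrades "$f"; then
            echo "ok:   $f"
        else
            echo "FAIL: $f (final stage never runs apk upgrade)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample Dockerfiles; image name and user are placeholders.
write_samples() {
    printf '%s\n' 'FROM example/alpine-jre:17' 'COPY target/*.jar /app/' > "$1/Dockerfile.stale"
    printf '%s\n' 'FROM example/alpine-jre:17 AS build' 'RUN apk upgrade --no-cache' \
        'FROM example/alpine-jre:17' 'RUN apk add --no-cache curl' > "$1/Dockerfile.build-only"
    printf '%s\n' 'FROM example/alpine-jre:17' 'USER root' 'RUN apk \' \
        '    --no-cache upgrade' 'USER app' > "$1/Dockerfile.patched"
}

# Run with the argument "demo" to check the three constructed samples.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d); write_samples "$d"; check_dockerfiles "$d"/Dockerfile.* || true; rm -rf "$d"
fi
```

The check only confirms that the upgrade instruction is present; the image still has to be rebuilt for newly published package fixes to land in it.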



Comments
Comment by Craig McNally [ 28/Sep/23 ]

While this isn't production code, the Security Team feels it's important to get this updated since it serves as an example for module developers.

Generated at Thu Feb 08 23:31:37 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.