[MODCITEM-2] Run apk upgrade in Dockerfile to fix security vulnerabilities Created: 21/Sep/23  Updated: 22/Sep/23  Resolved: 22/Sep/23

Status: Closed
Project: mod-circulation-item
Components: None
Affects versions: None
Fix versions: None

Type: Bug Priority: TBD
Reporter: Julian Ladisch Assignee: Gurleen Kaur1
Resolution: Done Votes: 0
Labels: back-end, security
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint: Volaris Sprint 174
Development Team: Volaris
RCA Group: Related dependency upgrade

 Description   

https://github.com/folio-org/folio-tools/tree/master/folio-java-docker/openjdk17#sample-module-dockerfile suggests:

Install latest patch versions of packages: https://pythonspeed.com/articles/security-updates-in-docker/

If not running apk upgrade mod-circulation-item may ship with vulnerable Alpine packages even when fixed packages are available.


Generated at Thu Feb 08 22:23:52 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.