Is your feature request related to a problem? Please describe.
The current Dockerfile in the repository uses the base image epamedp/headlamp:0.22.23, which is based on alpine:3.18. This version of Alpine Linux includes the package libssl3-3.1.5-r0, which has a known vulnerability (CVE-2024-5535 and CVE-2024-4741). This presents a potential security risk.
Describe the solution you'd like
Update the Dockerfile to use a newer version of the base image that includes libssl3-3.1.6-r0 or later. This update should mitigate the vulnerability by ensuring the image is built with a secure version of the libssl3 package.
Describe alternatives you've considered
As an alternative, consider rebuilding the epamedp/headlamp image from a different Alpine version that already includes the patched libssl3 package or using another base image that does not have the vulnerability.
Additional context
It is essential to address this vulnerability promptly to maintain the security standards of the repository. Updating the base image will ensure the application is secure and free from known vulnerabilities.
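An added example (not part of the issue or the repository's code): a POSIX shell check that a CI job could run against the rebuilt image to confirm libssl3 is at 3.1.6-r0 or later. It assumes the package list comes from `apk info -v` in `name-version` form; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: fail a build when the image's libssl3 is older than the fix.
MIN_LIBSSL3="3.1.6-r0"   # minimum version named in the issue

# ver_ge A B -> exit 0 if A >= B, 1 if A < B, 2 if not comparable.
# Assumption: versions look like 3.1.6-r0 (dotted numbers plus -rN). Suffixes
# such as _rc1 or _p2 are rejected; `apk version -t` is the authoritative test.
ver_ge() {
    case "$1$2" in *[!0-9.r-]*) return 2 ;; esac
    va=${1%-r*}; vb=${2%-r*}
    ra=0; rb=0
    case $1 in *-r*) ra=${1##*-r} ;; esac
    case $2 in *-r*) rb=${2##*-r} ;; esac
    while [ -n "$va" ] || [ -n "$vb" ]; do
        x=${va%%.*}; y=${vb%%.*}
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 1; fi
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    [ "$ra" -ge "$rb" ]
}

# Print the installed libssl3 version from `apk info -v` style lines on stdin
# (one "name-version" per line, e.g. libssl3-3.1.5-r0).
libssl3_version() {
    sed -n 's/^libssl3-\([0-9][^ ]*\).*/\1/p' | head -n 1
}

# check_libssl3: 0 = fixed version present, 1 = older than the fix,
# 2 = libssl3 not listed or version not comparable.
check_libssl3() {
    v=$(libssl3_version)
    [ -n "$v" ] || return 2
    ver_ge "$v" "$MIN_LIBSSL3"
}

# Constructed sample package listing for the demo below.
SAMPLE='musl-1.2.4-r2
libcrypto3-3.1.5-r0
libssl3-3.1.5-r0'
if printf '%s\n' "$SAMPLE" | check_libssl3; then
    echo "libssl3 >= $MIN_LIBSSL3"
else
    echo "libssl3 missing or older than $MIN_LIBSSL3"
fi
# Real use (IMAGE is a placeholder):
#   docker run --rm --entrypoint apk IMAGE info -v | check_libssl3
```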