Update package for CVE-2023-52425 #1569

Merged: 1 commit merged into nginx:main from chore/fix-cves on Feb 13, 2024

Conversation

@lucacome (Contributor) commented Feb 13, 2024

Proposed changes

Problem: There's a new CVE in the base image, but since Docker is caching the layer, `apk update && apk upgrade` doesn't have any effect.

Solution: Only upgrade the affected package. This will invalidate the cache and only upgrade the package with a CVE. This also makes the build somewhat reproducible since we're not updating all the packages at build time.

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork
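A Dockerfile fragment showing the cache problem described in the PR body and commit message above, with the unchanged upgrade line beside the package-specific one. This is an added example, not the project's Dockerfile: it assumes an Alpine base image, and AFFECTED_PKG is a placeholder for the package patched for CVE-2023-52425, which this page does not name.

```dockerfile
# Added example, not the nginx-gateway-fabric Dockerfile. Assumes an Alpine
# base image; AFFECTED_PKG is a placeholder for the package fixed for
# CVE-2023-52425 (the PR page does not name it).
FROM alpine:3.19

# Before: Docker keys the layer cache on the parent layer plus the exact
# instruction text. This text never changes, so a rebuild on a host that
# already built it reuses the old layer and the upgrade is silently skipped,
# leaving the vulnerable package in the image.
# RUN apk update && apk upgrade

# After: naming the package changes the instruction text, which invalidates
# the cached layer on the first build after the edit. Only that package is
# upgraded, so the rest of the image stays as the base image shipped it,
# which keeps the build closer to reproducible than a blanket upgrade.
# --no-cache fetches a fresh index without leaving /var/cache/apk behind.
RUN apk upgrade --no-cache AFFECTED_PKG

# Check after building: the installed version should now be the fixed one.
#   docker run --rm <image> apk info -v | grep AFFECTED_PKG
```

Note that the fix only busts the cache once, when the line changes; a later advisory in the same package needs the line edited again (for example by appending a minimum version), or the build run with `docker build --no-cache`, which rebuilds every layer.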

@lucacome lucacome self-assigned this Feb 13, 2024
@lucacome lucacome requested a review from a team as a code owner February 13, 2024 01:14
@github-actions bot added the chore label (Pull requests for routine tasks) Feb 13, 2024
Problem: There's a new CVE in the base image, but since Docker is
caching the layer, `apk update && apk upgrade` doesn't have any effect.

Solution: Only upgrade the affected package. This will invalidate the
cache and only upgrade the package with a CVE. This also makes the build
somewhat reproducible since we're not updating all the packages at build
time.
@lucacome lucacome enabled auto-merge (squash) February 13, 2024 17:40
@lucacome lucacome merged commit 5052513 into nginx:main Feb 13, 2024
@lucacome lucacome deleted the chore/fix-cves branch February 13, 2024 18:37
miledxz added a commit to miledxz/nginx-gateway-fabric that referenced this pull request Jan 14, 2025