CRITICAL apk-tools (fixed in: 2.10.7-r0) CVE-2021-36159
HIGH apk-tools (fixed in: 2.10.6-r0) CVE-2021-30139
Upgrading apk-tools 2.10.5-r0 -> 2.10.8-r0 in Alpine 3.11 image.
Issue-Id: RIC-828
Change-Id: I274e18254bdae7784ed1e25e5469bd09b7b43cc5
Signed-off-by: Petri Ovaska <petri.ovaska@nokia.com>
# This file is expected to be in the docker build directory;
# can be moved with suitable JJB configuration.
---
-tag: '0.5.2'
+tag: '0.5.3'
FROM redis:5.0.9-alpine3.11 as build
-RUN apk --update add --upgrade --no-cache openssl ssl_client musl-utils busybox
+RUN apk --update add --upgrade --no-cache \
+ apk-tools \
+ openssl \
+ ssl_client \
+ musl-utils \
+ busybox
COPY --from=build-env /usr/local/libexec/redismodule/libredismodule.so /usr/local/libexec/redismodule/libredismodule.so
WORKDIR /data
Version history
---------------
+[0.5.3] - 2021-08-26
+
+* Upgrade apk-tools to fix security vulnerabilities CVE-2021-36159 and CVE-2021-30139.
+
[0.5.2] - 2021-06-04
* Upgrade packages to fix possible security vulnerability reported in Alpine base image.