#56 Fix zlib CVE-2018-25032, upgrade packages every build

cloudogu · Apr 5, 2022 · 1c76a5d · 1c76a5d
1 parent 3090c76
commit 1c76a5d
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Added
 - Configuration of feedback url via cesapp ([#54](https://github.com/cloudogu/scm/pull/54))
 
+### Changed
+- Upgrade base image to 11.0.14-3
+
+### Fixed
+- Fix zlib CVE-2018-25032 by upgrading to version 1.2.12-r0; #56
+
 ## [2.32.2-1]
 ### Changed
 - Set explicit configuration for EasyRedmine

diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.cloudogu.com/official/java:11.0.14-1
+FROM registry.cloudogu.com/official/java:11.0.14-3
 LABEL maintainer="sebastian.sdorra@cloudogu.com"
 
 ARG SCM_PKG_URL=https://packages.scm-manager.org/repository/releases/sonia/scm/packaging/unix/2.32.2/unix-2.32.2.tar.gz
@@ -23,7 +23,11 @@ ENV SCM_HOME=/var/lib/scm \
     SERVICE_8080_NAME="scm"
 
 ## install scm-server
-RUN set -x \
+RUN set -o errexit \
+    && set -o nounset \
+    && set -o pipefail \
+    && apk update \
+    && apk upgrade \
     && apk add --no-cache graphviz ttf-dejavu mercurial jq unzip \
     && curl --fail  -Lks ${SCM_PKG_URL} -o /tmp/scm-server.tar.gz \
     && echo "${SCM_PKG_SHA256} */tmp/scm-server.tar.gz" | sha256sum -c - \