From 5251109517aa0d294e39bf809600343d8ff29ecb Mon Sep 17 00:00:00 2001
From: Nicolas Favre-Felix <n.favrefelix@gmail.com>
Date: Thu, 10 Aug 2023 09:44:12 -0700
Subject: [PATCH] Update alpine base image, OpenSSL version

This addresses multiple vulnerabilities found in OpenSSL, which is
bundled in the Docker image to allow Webdis to connect to Redis over a
secure TLS connection. Full list of CVEs to be published in the
upcoming release notes for Webdis 0.1.22.
---
 Dockerfile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index e238eb7..eb25acc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.17.1 AS stage
+FROM alpine:3.18.3 AS stage
 LABEL maintainer="Nicolas Favre-Felix <n.favrefelix@gmail.com>"
 
 RUN apk update && apk add wget make gcc libevent-dev msgpack-c-dev musl-dev openssl-dev bsd-compat-headers jq
@@ -9,11 +9,11 @@ RUN cd webdis-$(cat latest) && make && make install && make clean && make SSL=1
 RUN sed -i -e 's/"daemonize":.*true,/"daemonize": false,/g' /etc/webdis.prod.json
 
 # main image
-FROM alpine:3.17.1
+FROM alpine:3.18.3
 # Required dependencies, with versions fixing known security vulnerabilities
 RUN apk update && apk add libevent msgpack-c openssl \
-    'redis>=6.2.10' 'libssl3>=3.0.8-r0' 'libcrypto3>=3.0.8-r1' \
-    'libssl1.1' 'libcrypto1.1>=1.1.1t-r0' && \
+    'redis>=6.2.10' 'libssl3>=3.0.10-r0' 'libcrypto3>=3.0.10-r0' \
+    'libssl1.1' 'libcrypto1.1>=1.1.1u-r1' && \
     rm -f /var/cache/apk/* /usr/bin/redis-benchmark /usr/bin/redis-cli
 COPY --from=stage /usr/local/bin/webdis /usr/local/bin/webdis-ssl /usr/local/bin/
 COPY --from=stage /etc/webdis.prod.json /etc/webdis.prod.json