From 9c1f900332b50d2c6abfa9ba3ac6e92609a32d33 Mon Sep 17 00:00:00 2001
From: Nicolas Favre-Felix <n.favrefelix@gmail.com>
Date: Fri, 8 Jan 2021 21:24:49 -0800
Subject: [PATCH] Update libcrypto, as recommended by snyk

Fixes https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-587980
Even though webdis doesn't use TLS, some images could be built from the
webdis image and therefore use a vulnerable version of openssl. The fix
is in version 1.1.1g and Alpine currently has 1.1.1i.
After this change, snyk no longer report any know vulnerabilities in the
Docker image.
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 74b5eaf..8efc928 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -10,7 +10,8 @@ RUN sed -i -e 's/"daemonize":.*true,/"daemonize": false,/g' /etc/webdis.prod.jso
 
 # main image
 FROM alpine:3.12.3
-RUN apk update && apk add libevent msgpack-c redis
+RUN apk update && apk add libevent msgpack-c redis       # Required dependencies
+RUN apk add libcrypto1.1                                 # Security updates
 COPY --from=stage /usr/local/bin/webdis /usr/local/bin/
 COPY --from=stage /etc/webdis.prod.json /etc/webdis.prod.json
 RUN echo "daemonize yes" >> /etc/redis.conf