Update libcrypto, as recommended by snyk

Fixes https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-587980 Even though webdis doesn't use TLS, some images could be built from the webdis image and therefore use a vulnerable version of openssl. The fix is in version 1.1.1g and Alpine currently has 1.1.1i. After this change, snyk no longer report any know vulnerabilities in the Docker image.
4 years ago · 9c1f900332
parent 9f4a2093a6
commit 9c1f900332
1 changed files with 2 additions and 1 deletions
--- a/3
+++ b/3
@ -10,7 +10,8 @@ RUN sed -i -e 's/"daemonize":.*true,/"daemonize": false,/g' /etc/webdis.prod.jso

 # main image
 FROM alpine:3.12.3
-RUN apk update && apk add libevent msgpack-c redis
+RUN apk update && apk add libevent msgpack-c redis       # Required dependencies
+RUN apk add libcrypto1.1                                 # Security updates
 COPY --from=stage /usr/local/bin/webdis /usr/local/bin/
 COPY --from=stage /etc/webdis.prod.json /etc/webdis.prod.json
 RUN echo "daemonize yes" >> /etc/redis.conf