Alpine 3.12.4 uses a vulnerable version of libssl1.1
(CVE-2021-3449 and CVE-2021-3450), issues that are fixed in Alpine
3.12.5. This is not really a problem for Webdis since it doesn't use
SSL, but the vulnerability shows up on image scans and users who build
images with Webdis as the base image could be at risk if their own
changes depend on this library.
Fixes https://snyk.io/vuln/SNYK-ALPINE311-OPENSSL-587980
Even though webdis doesn't use TLS, some images could be built from the
webdis image and therefore use a vulnerable version of openssl. The fix
is in version 1.1.1g and Alpine currently has 1.1.1i.
After this change, snyk no longer report any know vulnerabilities in the
Docker image.
The Dockerfile used to refer to the latest published tag for Webdis.
This meant updating the file every time a new release was published.
This change uses the GitHub API to find the latest tag before
downloading and building the corresponding release.
* Change base image to Alpine 3.11.3
* Use multi-stage build (reducing size from 276 MB to 9.5 MB)
* Change Makefile to build with -O3 instead of -O0 -ggdb
Nicolas Favre-Felix
Jessie Murray