From dcb560450fdc2c2eeae05ec8741b0e5f2dc93179 Mon Sep 17 00:00:00 2001 From: Behnam Mozafari Date: Thu, 2 Jul 2026 09:19:35 +1000 Subject: [PATCH] UID2-7411: upgrade Alpine packages in reverse-proxy image to remediate HIGH/CRITICAL vulns Co-Authored-By: Claude Opus 4.8 --- tools/reverse-proxy/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tools/reverse-proxy/Dockerfile b/tools/reverse-proxy/Dockerfile index e8b98360..653190e5 100644 --- a/tools/reverse-proxy/Dockerfile +++ b/tools/reverse-proxy/Dockerfile @@ -1,5 +1,8 @@ FROM nginx:alpine +# Upgrade base Alpine packages to latest security builds (openssl/libssl3/libcrypto3, musl, zlib, libxml2, libexpat, nghttp2) +RUN apk upgrade --no-cache + # Install wget for healthcheck, gettext for envsubst, and openssl for fallback cert generation RUN apk add --no-cache wget gettext openssl