NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License
23.35k stars 2.7k forks source link

OpenSSL Vulnerabilities - CVE-2021-3449 and CVE-2021-3450 #1011

Open Wadera opened 3 years ago

Wadera commented 3 years ago

Describe the bug

https://www.openssl.org/news/vulnerabilities.html

# docker-compose down && docker-compose up -d
# docker exec -it 673b6dcfa45a  /bin/bash
 _   _       _            ____                      __  __
| \ | | __ _(_)_ __ __  _|  _ \ _ __ _____  ___   _|  \/  | __ _ _ __   __ _  __ _  ___ _ __
|  \| |/ _` | | '_ \\ \/ / |_) | '__/ _ \ \/ / | | | |\/| |/ _` | '_ \ / _` |/ _` |/ _ \ '__|
| |\  | (_| | | | | |>  <|  __/| | | (_) >  <| |_| | |  | | (_| | | | | (_| | (_| |  __/ |
|_| \_|\__, |_|_| |_/_/\_\_|   |_|  \___/_/\_\\__, |_|  |_|\__,_|_| |_|\__,_|\__, |\___|_|
       |___/                                  |___/                          |___/
Version 2.7.1 (72ac549) 2020-11-18 23:10:17 AEST, OpenResty 1.15.8.3, Alpine 3.12.0, Kernel 5.4.103-1-pve

[root@docker-673b6dcfa45a:/app]# openssl version
OpenSSL 1.1.1g  21 Apr 2020

Expected behavior Get OpenSSL 1.1.1k version or never.

github-actions[bot] commented 8 months ago

Issue is now considered stale. If you want to keep it open, please comment :+1: