Update alpine version (Security Issues Reported)

We-Amp / ngx-pagespeed-alpine

ngx_pagespeed docker image for Alpine. Moved over to https://github.com/apache/incubator-pagespeed-ngx/tree/master/docker

Apache License 2.0

35 stars 26 forks source link

Update alpine version (Security Issues Reported) #17

Closed nbluis closed 4 years ago

nbluis commented 4 years ago

Hi.

The current docker base image is ALPINE 3.8 and this version have some critical security issues reported.

The high severity issues reported by aws vulnerability scanner are: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20843 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11068 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14697

Can you please try to upgrade the alpine version to a newer image ?

oschaaf commented 4 years ago

This project has moved over to https://github.com/apache/incubator-pagespeed-ngx/tree/master/docker

You could file an issue there. However, it looks like no-one seems interested in maintaining that docker image these days, so possibly we should just drop it from the project altogether. I have no idea what the effort would be to move towards a later alpine version.