phusion / passenger-docker

Docker base images for Ruby, Python, Node.js and Meteor web apps
MIT License

Current version of NGINX 1.18 has security vulnerability CVE-2021-23017 #323

Closed jopotts closed 3 years ago

jopotts commented 3 years ago

Is there any timeline for updating the version of NGINX?

https://www.nginx.com/blog/updating-nginx-dns-resolver-vulnerability-cve-2021-23017

CamJN commented 3 years ago

Fixed in latest images.

jopotts commented 3 years ago

Thank you for looking into this issue @CamJN. I've checked and can't see any indication of you having applied a patch to nginx 1.18 though. Do you have a link to a commit?

The vulnerability has been raised by Zoom on our service, and they are requesting we upgrade to at least 1.20.1 to include the patch (see link in original comment).

CamJN commented 3 years ago

Ubuntu applied the patches: https://launchpad.net/ubuntu/+source/nginx/1.18.0-0ubuntu1.2

jopotts commented 3 years ago

Amazing. Thank you for the link!
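The mismatch discussed in this thread (a scanner asking for upstream 1.20.1 while the distro package carries the fix as a backport) can be checked from the package version string. The following is an added example, not code from passenger-docker or from the commenters; it assumes the image's nginx comes from the Ubuntu package linked above, the function names are hypothetical, and it implements general Debian version ordering rather than only this one comparison.

```python
import re
from itertools import zip_longest

FIXED_PKG = "1.18.0-0ubuntu1.2"   # package version from the Launchpad link in the thread
UPSTREAM_MIN = "1.20.1"           # upstream release requested in the thread

def _order(c):
    # dpkg ordering: '~' sorts before end-of-string, letters before other symbols
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Compare alternating non-digit / digit runs, as dpkg does
    runs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b),
                       fillvalue=("", ""))
    for (sa, na), (sb, nb) in runs:
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        ia, ib = int(na or 0), int(nb or 0)
        if ia != ib:
            return -1 if ia < ib else 1
    return 0

def parse(version):
    # Debian version layout: [epoch:]upstream[-revision]
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = parse(a), parse(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def upstream_only_flag(installed):
    # What a check on the upstream version alone concludes (revision ignored)
    return _cmp_part(parse(installed)[1], UPSTREAM_MIN) < 0

def has_backport(installed):
    # What the full package version, including the distro revision, says
    return compare(installed, FIXED_PKG) >= 0

if __name__ == "__main__":
    for v in ("1.18.0-0ubuntu1", "1.18.0-0ubuntu1.2"):  # constructed sample inputs
        print(v, "flagged:", upstream_only_flag(v), "backport:", has_backport(v))
```

Feed it the version reported by `dpkg-query -W -f='${Version}' <package>` inside the image; the fixed revision used here applies only to the Ubuntu release that the linked package belongs to.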