Security vulnerability in current strapi/base

strapi / strapi-docker

Install and run your first Strapi project using Docker

https://strapi.io

MIT License

1.16k stars 447 forks source link

Security vulnerability in current strapi/base #314

Open iapain opened 2 years ago

iapain commented 2 years ago

Latest strapi/base is based on older node-14 which is based on alpine-3.11.11 which contain a critical security vulnerability: CVE-2021-3711

Resolution: Update to node:14.7.6

ChristianHeimke commented 2 years ago

@iapain as I wrote here: https://github.com/strapi/strapi-docker/issues/318#issuecomment-939418309 strapi docker images didn't support rebuilding. If you need to fix the issue you have to rebuild it on your own. I made a PR #319 to use github actions - they build the images with the latest base images, maybe sometimes it will be used.