fix: update gems to prevent vulnerabilities

Including: - bundler: CVE-2021-43809 - cgi: CVE-2021-41816 - date: CVE-2021-41817 - rdoc: CVE-2021-31799 - rexml: CVE-2021-28965
SumoLogic · Jan 10, 2022 · ff35d2b · ff35d2b
1 parent 36cf36a
commit ff35d2b
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 4 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,5 +1,5 @@
 ARG FLUENTD_ARCH
-FROM ruby:2.6.8-buster AS builder
+FROM ruby:2.6.9-buster AS builder
 
 # Dependencies
 RUN apt-get update \
@@ -14,6 +14,13 @@ RUN apt-get update \
         sudo \
         unzip
 
+# Update Ruby gems to prevent vulnerabilities
+RUN gem install \
+        bundler:2.3.4 \
+        date:2.0.1 \
+        rdoc:6.4.0 \
+        rexml:3.2.5
+
 # Fluentd plugin dependencies
 RUN gem install \
         fluentd:1.12.2 \
@@ -102,7 +109,6 @@ RUN apt-get update \
         libsnappy-dev \
         curl \
         jq \
- && gem install rdoc -v 6.3.1 \
  && gem cleanup \
  && rm -rf /var/lib/apt/lists/ \
  && rm -rf /var/lib/dpkg/info/

diff --git a/alpine.Dockerfile b/alpine.Dockerfile
@@ -1,4 +1,4 @@
-FROM ruby:2.6.8-alpine3.14 AS builder
+FROM ruby:2.7.5-alpine3.14 AS builder
 
 RUN apk update \
  && apk add \
@@ -11,6 +11,13 @@ RUN apk update \
 
 RUN echo 'gem: --no-document' >> /etc/gemrc
 
+# Update Ruby gems to prevent vulnerabilities
+RUN gem install \
+        bundler:2.3.4 \
+        cgi:0.3.1 \
+        rdoc:6.4.0 \
+        rexml:3.2.5
+
 # Fluentd plugin dependencies
 RUN gem install \
         async-http:0.54.0 \
@@ -91,7 +98,7 @@ RUN gem install \
         --local fluent-plugin-prometheus-format \
         --local fluent-plugin-protobuf
 
-FROM ruby:2.6.8-alpine3.14
+FROM ruby:2.7.5-alpine3.14
 
 RUN apk update \
  && apk add --no-cache \