From ff35d2b3093e531743abfe8a20eba83a03402165 Mon Sep 17 00:00:00 2001
From: Andrzej Stencel
Date: Mon, 10 Jan 2022 16:34:39 +0100
Subject: [PATCH] fix: update gems to prevent vulnerabilities

Including:
- bundler: CVE-2021-43809
- cgi: CVE-2021-41816
- date: CVE-2021-41817
- rdoc: CVE-2021-31799
- rexml: CVE-2021-28965
---
 Dockerfile | 10 ++++++++--
 alpine.Dockerfile | 11 +++++++++--
 2 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 84e4f6af..5520d6c5 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 ARG FLUENTD_ARCH
-FROM ruby:2.6.8-buster AS builder
+FROM ruby:2.6.9-buster AS builder

 # Dependencies
 RUN apt-get update \
@@ -14,6 +14,13 @@ RUN apt-get update \
 sudo \
 unzip

+# Update Ruby gems to prevent vulnerabilities
+RUN gem install \
+ bundler:2.3.4 \
+ date:2.0.1 \
+ rdoc:6.4.0 \
+ rexml:3.2.5
+
 # Fluentd plugin dependencies
 RUN gem install \
 fluentd:1.12.2 \
@@ -102,7 +109,6 @@ RUN apt-get update \
 libsnappy-dev \
 curl \
 jq \
- && gem install rdoc -v 6.3.1 \
 && gem cleanup \
 && rm -rf /var/lib/apt/lists/ \
 && rm -rf /var/lib/dpkg/info/
diff --git a/alpine.Dockerfile b/alpine.Dockerfile
index 6220576f..379b87de 100644
--- a/alpine.Dockerfile
+++ b/alpine.Dockerfile
@@ -1,4 +1,4 @@
-FROM ruby:2.6.8-alpine3.14 AS builder
+FROM ruby:2.7.5-alpine3.14 AS builder

 RUN apk update \
 && apk add \
@@ -11,6 +11,13 @@ RUN apk update \

 RUN echo 'gem: --no-document' >> /etc/gemrc

+# Update Ruby gems to prevent vulnerabilities
+RUN gem install \
+ bundler:2.3.4 \
+ cgi:0.3.1 \
+ rdoc:6.4.0 \
+ rexml:3.2.5
+
 # Fluentd plugin dependencies
 RUN gem install \
 async-http:0.54.0 \
@@ -91,7 +98,7 @@ RUN gem install \
 --local fluent-plugin-prometheus-format \
 --local fluent-plugin-protobuf

-FROM ruby:2.6.8-alpine3.14
+FROM ruby:2.7.5-alpine3.14

 RUN apk update \
 && apk add --no-cache \
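Review bot: The new `RUN gem install` layer in the `@@ -14,6 +14,13 @@` hunk of Dockerfile is added to the `builder` stage, while the `@@ -102,7 +109,6 @@` hunk drops `gem install rdoc -v 6.3.1` from a later `RUN`, so the pinned versions reach the shipped image only if the gem directory is copied across stages, which is not visible in these hunks. Installing a newer version normally leaves the base image's bundled default copy of the same gem on disk, so the result should be confirmed with `gem list` (and a scanner run) against the final image rather than the builder. The comment would also age better if it named the advisory behind each pin, for example `# bundler: CVE-2021-43809, date: CVE-2021-41817, rdoc: CVE-2021-31799, rexml: CVE-2021-28965`, so a pin can be dropped once the base image ships a fixed version. The same points apply to the `@@ -11,6 +11,13 @@` hunk in alpine.Dockerfile.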
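Review bot: Both `FROM` lines in alpine.Dockerfile (the `@@ -1,4 +1,4 @@` and `@@ -91,7 +98,7 @@` hunks) move to `ruby:2.7.5-alpine3.14`, while Dockerfile's builder only moves to `ruby:2.6.9-buster`, so the two image variants now run different Ruby minor series under a commit described as a gem update. That is presumably why `cgi:0.3.1` is pinned only here and `date:2.0.1` only in Dockerfile, but neither file says so; a comment beside the `FROM`, such as `# Ruby 2.7.x on alpine: default gem set differs from the buster image, see pinned gems below`, would record that the difference is deliberate. Gems with native extensions built in `builder` are generally tied to the Ruby they were compiled against, so the two tags in this file must stay identical; declaring `ARG RUBY_VERSION=2.7.5` before the first `FROM` and using `ruby:${RUBY_VERSION}-alpine3.14` in both would enforce that.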