#56 Upgrade zlib and fix CVE-2018-25032 for SCMM 2.32.2-1

ppxl · ppxl · commit a70bca1b9c06 · 2022-04-05T11:11:04.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+##[unreleased]
+### Changed
+- Upgrade java base image to 11.0.14-3; #56
+
+### Fixed
+- Upgrade zlib to fix CVE-2018-25032; #56
+
 ## [2.32.2-1]
 ### Changed
 - Set explicit configuration for EasyRedmine
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM registry.cloudogu.com/official/java:11.0.14-1
+FROM registry.cloudogu.com/official/java:11.0.14-3
 LABEL maintainer="sebastian.sdorra@cloudogu.com"
 
 ARG SCM_PKG_URL=https://packages.scm-manager.org/repository/releases/sonia/scm/packaging/unix/2.32.2/unix-2.32.2.tar.gz
@@ -23,7 +23,9 @@ ENV SCM_HOME=/var/lib/scm \
     SERVICE_8080_NAME="scm"
 
 ## install scm-server
-RUN set -x \
+RUN set -x -o errexit -o nounset -o pipefail \
+    && apk update \
+    && apk upgrade \
     && apk add --no-cache graphviz ttf-dejavu mercurial jq unzip \
     && curl --fail  -Lks ${SCM_PKG_URL} -o /tmp/scm-server.tar.gz \
     && echo "${SCM_PKG_SHA256} */tmp/scm-server.tar.gz" | sha256sum -c - \
