SECURITY: base image updates

SECURITY: base image updates

  • Ruby upgraded from 2.6.4 -> 2.6.5 to address CVEs
  • Image Magick from 7.0.8-61 -> 66
  • NGINX 1.17.3 -> 4 (bug fixes only)
diff --git a/image/base/Dockerfile b/image/base/Dockerfile
index f62e491..507c1c6 100644
--- a/image/base/Dockerfile
+++ b/image/base/Dockerfile
@@ -70,12 +70,12 @@ RUN mkdir /jemalloc-new && cd /jemalloc-new &&\
 RUN echo 'gem: --no-document' >> /usr/local/etc/gemrc &&\
     mkdir /src && cd /src && git clone https://github.com/sstephenson/ruby-build.git &&\
     cd /src/ruby-build && ./install.sh &&\
-    cd / && rm -rf /src/ruby-build && (ruby-build 2.6.4 /usr/local)
+    cd / && rm -rf /src/ruby-build && (ruby-build 2.6.5 /usr/local)
 
 RUN gem update --system
 
 RUN gem install bundler --force &&\
-    rm -rf /usr/local/share/ri/2.6.4/system &&\
+    rm -rf /usr/local/share/ri/2.6.5/system &&\
     cd / && git clone https://github.com/discourse/pups.git
 
 ADD install-redis /tmp/install-redis
diff --git a/image/base/install-imagemagick b/image/base/install-imagemagick
index 9fa7929..31f6dcc 100755
--- a/image/base/install-imagemagick
+++ b/image/base/install-imagemagick
@@ -1,7 +1,7 @@
 #!/bin/bash
 set -o errexit
 
-IMAGE_MAGICK_VERSION="7.0.8-61"
+IMAGE_MAGICK_VERSION="7.0.8-66"
 LIBPNG_VERSION="1.6.37"
 
 PREFIX=/usr/local
diff --git a/image/base/install-nginx b/image/base/install-nginx
index 6a33475..7b91333 100755
--- a/image/base/install-nginx
+++ b/image/base/install-nginx
@@ -1,6 +1,6 @@
 #!/bin/bash
 set -e
-VERSION=1.17.3
+VERSION=1.17.4
 cd /tmp
 
 apt install -y autoconf
@@ -41,4 +41,4 @@ cd /
 rm -fr /tmp/nginx
 rm -fr /tmp/libbrotli
 rm -fr /tmp/ngx_brotli
-rm -fr /etc/nginx/modules-enabled/*
\ No newline at end of file
+rm -fr /etc/nginx/modules-enabled/*

GitHub sha: 416467f6

1 Like