Skip to content

Commit 8eb32c1

Browse files
swibi-ttdclaude
andcommitted
UID2-7376: upgrade p11-kit to patch CVE-2026-2100
The Alpine 3.23 base layer ships p11-kit and p11-kit-trust 0.25.5-r2, which are vulnerable to CVE-2026-2100 (HIGH) - a NULL pointer dereference via C_DeriveKey. The fixed version 0.26.2-r0 is available in the Alpine v3.23 repo, but the latest eclipse-temurin base image has not yet picked it up, so we upgrade explicitly at build time. Both subpackages must be listed because upgrading p11-kit alone leaves p11-kit-trust vulnerable. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 65ffdc6 commit 8eb32c1

1 file changed

Lines changed: 1 addition & 1 deletion

File tree

Dockerfile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,7 +16,7 @@ COPY ./target/${JAR_NAME}-${JAR_VERSION}-sources.jar /app
1616
COPY ./conf/default-config.json /app/conf/
1717
COPY ./conf/*.xml /app/conf/
1818

19-
RUN apk add --no-cache --upgrade libpng libcrypto3 libssl3 musl musl-utils gnutls && adduser -D uid2-core && mkdir -p /app && chmod 705 -R /app && mkdir -p /app/file-uploads && chmod 777 -R /app/file-uploads && mkdir -p /app/pod_terminating && chmod 777 -R /app/pod_terminating
19+
RUN apk add --no-cache --upgrade libpng libcrypto3 libssl3 musl musl-utils gnutls p11-kit p11-kit-trust && adduser -D uid2-core && mkdir -p /app && chmod 705 -R /app && mkdir -p /app/file-uploads && chmod 777 -R /app/file-uploads && mkdir -p /app/pod_terminating && chmod 777 -R /app/pod_terminating
2020
USER uid2-core
2121

2222
CMD java \

0 commit comments

Comments
 (0)