Update Redhat image package to resolve CVE-2022-1271

cyberark · Apr 29, 2022 · 0d17de4 · 0d17de4
1 parent 73baa7f
commit 0d17de4
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/Dockerfile b/Dockerfile
@@ -42,7 +42,7 @@ RUN go build -ldflags="-X github.com/cyberark/secretless-broker/pkg/secretless.T
 
 
 # =================== MAIN CONTAINER ===================
-FROM alpine:3.14 as secretless-broker
+FROM alpine:3.15 as secretless-broker
 MAINTAINER CyberArk Software Ltd.
 
 RUN apk add -u shadow libc6-compat openssl && \
@@ -94,6 +94,9 @@ LABEL summary="Secure your apps by making them Secretless"
 LABEL description="Secretless Broker is a connection broker which relieves client \
 applications of the need to directly handle secrets to target services"
 
+# Update packages to get CVE fixes
+RUN dnf update -y
+
     # Add Limited user
 RUN groupadd -r secretless \
              -g 777 && \