From 4172873275318bb07dfb08933ec012e69ef47ec0 Mon Sep 17 00:00:00 2001 From: sean wibisono Date: Tue, 23 Jun 2026 11:41:48 +1000 Subject: [PATCH] UID2-7335: bump eclipse-temurin base to sha256:3f08b138 (ships libexpat 2.8.1-r0) The 2026-06-22 rebuild of 21-jre-alpine-3.23 (sha256:3f08b138) now ships libexpat 2.8.1-r0, so the explicit 'apk add --upgrade libexpat' added in the previous fix (CVE-2026-45186) is no longer needed and is removed, matching the repo convention of dropping per-package upgrades once the base carries the fix. Co-Authored-By: Claude Opus 4.8 (1M context) --- Dockerfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index c09c7469..6a7d4754 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ -# sha from https://hub.docker.com/layers/library/eclipse-temurin/21-jre-alpine-3.23/images/sha256-693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6 -FROM eclipse-temurin@sha256:693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6 +# sha from https://hub.docker.com/layers/library/eclipse-temurin/21-jre-alpine-3.23/images/sha256-3f08b13888f595cc49edabea7250ba69499ba25602b267da591720769400e08c +FROM eclipse-temurin@sha256:3f08b13888f595cc49edabea7250ba69499ba25602b267da591720769400e08c WORKDIR /app EXPOSE 8089 @@ -17,7 +17,7 @@ COPY ./conf/default-config.json /app/conf/ COPY ./conf/*.xml /app/conf/ COPY ./webroot/ /app/webroot/ -RUN apk add --no-cache --upgrade libpng libcrypto3 libssl3 musl musl-utils gnutls libexpat && adduser -D uid2-admin && mkdir -p /app && chmod 705 -R /app && mkdir -p /app/file-uploads && chmod 777 -R /app/file-uploads +RUN apk add --no-cache --upgrade libpng libcrypto3 libssl3 musl musl-utils gnutls && adduser -D uid2-admin && mkdir -p /app && chmod 705 -R /app && mkdir -p /app/file-uploads && chmod 777 -R /app/file-uploads USER uid2-admin CMD java \