Fix critical CVEs by using official Caddy image instead of Alpine package
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
Some checks failed
Build & Push Docker Image / build (push) Has been cancelled
Copy Caddy binary from caddy:2-alpine multi-stage build to avoid stale smallstep/certificates (CVE CVSS 10) and grpc vulnerabilities shipped with the Alpine caddy package. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
schmidt1024
@@ -1,7 +1,12 @@
|
||||
FROM caddy:2-alpine AS caddy
|
||||
|
||||
FROM php:8.3-fpm-alpine AS base
|
||||
|
||||
# Copy Caddy binary from official image (avoids stale Alpine package)
|
||||
COPY --from=caddy /usr/bin/caddy /usr/sbin/caddy
|
||||
|
||||
# Install PHP curl extension (needed for API proxies)
|
||||
RUN apk add --no-cache caddy curl-dev \
|
||||
RUN apk add --no-cache curl-dev \
|
||||
&& docker-php-ext-install curl \
|
||||
&& rm -rf /var/cache/apk/*
|
||||
|
||||
|
||||
Reference in New Issue
Block a user