Php: openssl version

Created on 24 Nov 2017  路  3Comments  路  Source: docker-library/php

FROM php:7.1.11-fpm-alpine

is installing 1.0.2k-r0

but it should install

1.0.2m-r0

is there a reason why?

picture cordoval

Most helpful comment

"i am satisfied with my care" ~ Big Hero 6
thanks

picture cordoval on 27 Nov 2017
2 😄1

All 3 comments

The alpine:3.4 image was updated ~24 days ago, while the openssl package was ~18 days ago. We rely heavily on Docker build cache so that the images aren't constantly being rebuilt for no reason. Unfortunately there is nothing between the base image and the line in the Dockerfile installing openssl that would tell it to discard the docker build cache.

https://github.com/docker-library/php/blob/287a157544a8e43032ecb2879ff778d10c0d0e37/7.1/alpine3.4/fpm/Dockerfile#L7-L27

We could probably do something like we do in the tomcat images and pin a specific version so that we can force a build cache bust, but with the two CVEs (CVE-2017-3736 and CVE-2017-3735) fixed in 1.0.2m being "very difficult" and "not believed likely" to exploit it does not seem worth the effort at this time. I think we can instead wait for the next Alpine image rebuild.

yosifkit picture yosifkit on 27 Nov 2017

"i am satisfied with my care" ~ Big Hero 6
thanks

cordoval picture cordoval on 27 Nov 2017
2 😄1

tianon picture tianon on 27 Nov 2017
😄1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ihorsamusenko picture ihorsamusenko  路  4Comments
mcnesium picture mcnesium  路  3Comments
mbates picture mbates  路  3Comments
yosifkit picture yosifkit  路  3Comments
pavlakis picture pavlakis  路  3Comments