You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[security] upgrade nginx (not npm) and eventually OS related libs in the container... is it possible? How? apt update && apt upgrade is not enough :(
#4031
Hi,
I've just the last v2 image (2.11.3) with trivy (https://github.com/aquasecurity/trivy) and I found several vulnerabilities.
I thought that I was able to patch/resolve them executing a shell (docker exec -it nginx_proxy_manager sh) inside the container and then launching an apt update && apt upgrade.
It worked and some things have been upgraded, but nginx - for example - has not. I think it is due to the packages' repositories, but I am not expert of docker.
So, as titled, the question is: is there a way to upgrade all things inside the container (os libraries, nginx vanilla...), except of course the app itself?
Related theme: when a new version of nginx-proxy-manager will be released, I will download the new image and a new container will be created, removing the changes I have made in the previous release of the running container. So, the related question is: how can I easily modify the dockerfile to rebuild an image with all the softwares (os libraries, nginx vanilla...) updated?
thanks for reading and thanks to jc21 for this amazing tool!
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi,
I've just the last v2 image (2.11.3) with trivy (https://github.com/aquasecurity/trivy) and I found several vulnerabilities.
I thought that I was able to patch/resolve them executing a shell (
docker exec -it nginx_proxy_manager sh) inside the container and then launching anapt update && apt upgrade.It worked and some things have been upgraded, but nginx - for example - has not. I think it is due to the packages' repositories, but I am not expert of docker.
So, as titled, the question is: is there a way to upgrade all things inside the container (os libraries, nginx vanilla...), except of course the app itself?
Related theme: when a new version of nginx-proxy-manager will be released, I will download the new image and a new container will be created, removing the changes I have made in the previous release of the running container. So, the related question is: how can I easily modify the dockerfile to rebuild an image with all the softwares (os libraries, nginx vanilla...) updated?
thanks for reading and thanks to jc21 for this amazing tool!
Beta Was this translation helpful? Give feedback.
All reactions