From 1be53f56f726720ffe88edb434bb66c4c234e9e7 Mon Sep 17 00:00:00 2001 From: James Catto Date: Tue, 27 Sep 2022 14:12:25 +0100 Subject: [PATCH 1/2] Added pjohnson changes to fix security issues --- Dockerfile | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 68575c4171..593ddc6cfa 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM node:14.17 as frontend-builder +FROM node:14.17-bullseye as frontend-builder RUN npm install --global --force yarn@1.22.10 @@ -25,7 +25,7 @@ COPY --chown=redash client /frontend/client COPY --chown=redash webpack.config.js /frontend/ RUN if [ "x$skip_frontend_build" = "x" ] ; then yarn build; else mkdir -p /frontend/client/dist && touch /frontend/client/dist/multi_org.html && touch /frontend/client/dist/index.html; fi -FROM python:3.7-slim-buster +FROM python:3.7.13-slim-bullseye EXPOSE 5000 @@ -36,6 +36,8 @@ ARG skip_dev_deps RUN useradd --create-home redash +RUN apt update -y && apt upgrade -y && apt autoremove -y + # Ubuntu packages RUN apt-get update && \ apt-get install -y --no-install-recommends \ @@ -50,6 +52,7 @@ RUN apt-get update && \ libpq-dev \ # ODBC support: g++ unixodbc-dev \ + unixodbc \ # for SAML xmlsec1 \ # Additional packages required for data sources: From c26d73eb00996be00e7befcd8bd4f3aaf51a7755 Mon Sep 17 00:00:00 2001 From: James Catto Date: Tue, 27 Sep 2022 14:26:43 +0100 Subject: [PATCH 2/2] Simplified apt update --- Dockerfile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 593ddc6cfa..f9fff46fef 100644 --- a/Dockerfile +++ b/Dockerfile @@ -36,10 +36,9 @@ ARG skip_dev_deps RUN useradd --create-home redash -RUN apt update -y && apt upgrade -y && apt autoremove -y # Ubuntu packages -RUN apt-get update && \ +RUN apt-get update && apt-get upgrade -y && apt-get autoremove -y && \ apt-get install -y --no-install-recommends \ curl \ gnupg \