Release 0.1.23 (includes security update)
Bugfix: Apply ACL rules to WebSocket commands.
        ACL rules were not applied for WebSocket connections, this is
        now fixed.

Upgraded:
- Alpine base image was upgraded to 3.20.3 (latest)
- Jansson library was upgraded to version 2.14 (latest)

Testing improvements: The GitHub Actions validation job for Webdis was
updated to now run on multiple different systems:
- Ubuntu 20.04
- Ubuntu 22.04
- Ubuntu 23.04
- macOS 11
- macOS 12

Security: this is also a security update, fixing vulnerabilities found
in the OpenSSL library, installed from Alpine Linux packages (Alpine
Linux provides the base image for Webdis).
For more details: https://scout.docker.com/v/CVE-2023-5363

Impact: Webdis can connect to external Webdis instances over TLS.
By default, it does not use TLS to connect to Redis, but interfaces
with Redis over a local connection within the Docker container.
Please review whether these OpenSSL vulnerabilities affect your
deployment. If you do not use TLS to connect to Redis, then you should
not be affected.
nicolasff committed Oct 23, 2024
1 parent 5d11b2b commit 6bd158e
Showing 2 changed files with 5 additions and 6 deletions.
9 changes: 4 additions & 5 deletions Dockerfile
@@ -1,4 +1,4 @@
FROM alpine:3.18.3 AS stage
FROM alpine:3.20.3 AS stage
LABEL maintainer="Nicolas Favre-Felix <n.favrefelix@gmail.com>"

RUN apk update && apk add wget make gcc libevent-dev msgpack-c-dev musl-dev openssl-dev bsd-compat-headers jq
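Review bot: the `FROM alpine:3.20.3 AS stage` line pins the base image by tag only, and a tag can be re-pointed, so a later rebuild is not guaranteed to get the same contents. Since this release exists to pick up an OpenSSL fix, consider pinning by digest as well (`alpine:3.20.3@sha256:<digest>`), here and in the main image, so the patched base is reproducible and auditable.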
Expand All @@ -9,15 +9,14 @@ RUN cd webdis-$(cat latest) && make && make install && make clean && make SSL=1
RUN sed -i -e 's/"daemonize":.*true,/"daemonize": false,/g' /etc/webdis.prod.json

# main image
FROM alpine:3.18.3
FROM alpine:3.20.3
# Required dependencies, with versions fixing known security vulnerabilities
RUN apk update && apk add libevent msgpack-c openssl \
'redis>=6.2.10' 'libssl3>=3.0.10-r0' 'libcrypto3>=3.0.10-r0' \
'libssl1.1' 'libcrypto1.1>=1.1.1u-r1' && \
'redis>=6.2.10' 'libssl3>=3.2.2-r1' 'libcrypto3>=3.3.2-r1' && \
rm -f /var/cache/apk/* /usr/bin/redis-benchmark /usr/bin/redis-cli
COPY --from=stage /usr/local/bin/webdis /usr/local/bin/webdis-ssl /usr/local/bin/
COPY --from=stage /etc/webdis.prod.json /etc/webdis.prod.json
RUN echo "daemonize yes" >> /etc/redis.conf
CMD /usr/bin/redis-server /etc/redis.conf && /usr/local/bin/webdis /etc/webdis.prod.json
CMD ["/bin/sh", "-c", "/usr/bin/redis-server /etc/redis.conf && /usr/local/bin/webdis /etc/webdis.prod.json"]

EXPOSE 7379
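Review bot: the new version floors in the `apk add` line disagree, `'libssl3>=3.2.2-r1'` against `'libcrypto3>=3.3.2-r1'`, whereas the replaced line used the same floor for both (`3.0.10-r0`). If 3.3.2-r1 is the build that carries the fix, the `libssl3` constraint looks like a typo and would accept an older package than intended; make the two floors identical. In the new exec-form `CMD`, `/bin/sh -c` remains PID 1 with webdis as its child, so consider ending the command string with `exec /usr/local/bin/webdis /etc/webdis.prod.json` so that webdis receives the container's stop signal directly.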
2 changes: 1 addition & 1 deletion src/version.h
Expand Up @@ -2,7 +2,7 @@
#define VERSION_H

#ifndef WEBDIS_VERSION
#define WEBDIS_VERSION "0.1.23-dev"
#define WEBDIS_VERSION "0.1.23"
#endif

#endif /* VERSION_H */
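Review bot: missing documentation: dropping the `-dev` suffix from `WEBDIS_VERSION` is the only source change in this commit, which touches 2 files in total, yet the message leads with the WebSocket ACL bugfix. Reference the commit that carries that fix in the message, so someone auditing the security-relevant change can find it from the release commit.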
