Merge pull request #303 from andyzhangx/cve-3.1

fix: CVE issues in image build on release-3.1
fix: CVE issues in image build
2022-03-30 20:05:48 +08:00 · 2022-03-30 11:29:08 +00:00
1 changed files with 4 additions and 6 deletions
--- a/10
+++ b/10
@ -12,17 +12,15 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-FROM k8s.gcr.io/build-image/debian-base:bullseye-v1.0.0
+FROM k8s.gcr.io/build-image/debian-base:bullseye-v1.1.0
 # Architecture for bin folder
 ARG ARCH
-
+ARG binary=./bin/${ARCH}/nfsplugin
-# Copy nfsplugin from build _output directory
+COPY ${binary} /nfsplugin
 COPY bin/${ARCH}/nfsplugin /nfsplugin
 RUN apt update && apt-mark unhold libcap2
 RUN clean-install ca-certificates mount nfs-common netbase
 # install updated packages to fix CVE issues
-RUN clean-install libssl1.1 libgssapi-krb5-2 libk5crypto3 libkrb5-3 libkrb5support0 libgmp10
+RUN clean-install libgmp10 bsdutils libssl1.1 openssl libc6 libc-bin libsystemd0 libudev1
 ENTRYPOINT ["/nfsplugin"]
Author	SHA1	Message	Date
Andy Zhang	c0bf858eab	Merge pull request #303 from andyzhangx/cve-3.1 fix: CVE issues in image build on release-3.1	2022-03-30 20:05:48 +08:00
andyzhangx	e889a5efa0	fix: CVE issues in image build	2022-03-30 11:29:08 +00:00