This is an automated email from the ASF dual-hosted git repository. kezhenxu94 pushed a commit to branch cves/bump-busybox-cve-2025-60876 in repository https://gitbox.apache.org/repos/asf/skywalking-satellite.git
commit 8b6de462c11306f86a74998441f504a94cf1e9b6 Author: kezhenxu94 <[email protected]> AuthorDate: Mon May 18 14:21:11 2026 +0800 cves: bump busybox to 1.37.0-r31 to fix CVE-2025-60876 Add Alpine edge/main repository to install busybox>=1.37.0-r31 which contains the fix for CVE-2025-60876 (MEDIUM). The fix is not yet backported to alpine:3.23 stable, so we pin busybox from the edge repository. Note: golang.org/x/net was already bumped to v0.53.0 in PR #253, fixing CVE-2026-33814. --- docker/Dockerfile | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docker/Dockerfile b/docker/Dockerfile index c96c0be..d944687 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -30,9 +30,11 @@ RUN mv /src/bin/skywalking-satellite-${VERSION}-linux-${TARGETARCH} /src/bin/sky FROM alpine:3.23 -RUN apk update --no-cache && \ +RUN echo '@edge https://dl-cdn.alpinelinux.org/alpine/edge/main' >> /etc/apk/repositories && \ + apk update --no-cache && \ apk upgrade --no-cache && \ - apk add --no-cache ca-certificates "libssl3>=3.3.7-r0" "libcrypto3>=3.3.7-r0" "musl>=1.2.5-r11" + apk add --no-cache ca-certificates "libssl3>=3.3.7-r0" "libcrypto3>=3.3.7-r0" "musl>=1.2.5-r11" \ + "busybox@edge>=1.37.0-r31" "busybox-binsh@edge>=1.37.0-r31" "ssl_client@edge>=1.37.0-r31" VOLUME /skywalking/configs
