fixed vulnerabilities CVE-2025-53859 & CVE-2025-23419 (#13016)

### What problem does this PR solve? Fixed vulnerabilities CVE-2025-53859 & CVE-2025-23419 by updating nginx to 1.29.5-1~noble ### Type of change - [X] Bug Fix (non-breaking change which fixes an issue) <img width="709" height="54" alt="image" src="https://github.com/user-attachments/assets/d8c3518f-bca4-4314-a85c-1aed1678f72e" />
2026-02-06 18:45:08 +08:00 · 2026-02-06 12:55:06 +08:00
parent 11703d957d
commit 0586d5148d
1 changed files with 10 additions and 1 deletions
--- a/11
+++ b/11
@ -48,13 +48,22 @@ RUN --mount=type=cache,id=ragflow_apt,target=/var/cache/apt,sharing=locked \
    apt install -y libatk-bridge2.0-0 && \
    apt install -y libpython3-dev libgtk-4-1 libnss3 xdg-utils libgbm-dev && \
    apt install -y libjemalloc-dev && \
-    apt install -y nginx unzip curl wget git vim less && \
+    apt install -y gnupg unzip curl wget git vim less && \
    apt install -y ghostscript && \
    apt install -y pandoc && \
    apt install -y texlive && \
    apt install -y fonts-freefont-ttf fonts-noto-cjk && \
    apt install -y postgresql-client

+ARG NGINX_VERSION=1.29.5-1~noble
+RUN --mount=type=cache,id=ragflow_apt,target=/var/cache/apt,sharing=locked \
+    mkdir -p /etc/apt/keyrings && \
+    curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --dearmor -o /etc/apt/keyrings/nginx-archive-keyring.gpg && \
+    echo "deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/ubuntu/ noble nginx" > /etc/apt/sources.list.d/nginx.list && \
+    apt update && \
+    apt install -y nginx=${NGINX_VERSION} && \
+    apt-mark hold nginx
+
 # Install uv
 RUN --mount=type=bind,from=infiniflow/ragflow_deps:latest,source=/,target=/deps \
    if [ "$NEED_MIRROR" == "1" ]; then \