From 0586d5148dfa25f13f433521c15a42aa9ca9a1dd Mon Sep 17 00:00:00 2001
From: LIRUI YU <128563231+LiruiYu33@users.noreply.github.com>
Date: Fri, 6 Feb 2026 12:55:06 +0800
Subject: [PATCH] fixed vulnerabilities CVE-2025-53859 & CVE-2025-23419 (#13016)
### What problem does this PR solve?
Fixed vulnerabilities CVE-2025-53859 & CVE-2025-23419 by updating nginx to 1.29.5-1~noble
### Type of change
- [X] Bug Fix (non-breaking change which fixes an issue)
image
---
 Dockerfile | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index b8a8ef5f3..d3af16ff0 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -48,13 +48,22 @@ RUN --mount=type=cache,id=ragflow_apt,target=/var/cache/apt,sharing=locked \
 apt install -y libatk-bridge2.0-0 && \
 apt install -y libpython3-dev libgtk-4-1 libnss3 xdg-utils libgbm-dev && \
 apt install -y libjemalloc-dev && \
- apt install -y nginx unzip curl wget git vim less && \
+ apt install -y gnupg unzip curl wget git vim less && \
 apt install -y ghostscript && \
 apt install -y pandoc && \
 apt install -y texlive && \
 apt install -y fonts-freefont-ttf fonts-noto-cjk && \
 apt install -y postgresql-client
 
+ARG NGINX_VERSION=1.29.5-1~noble
+RUN --mount=type=cache,id=ragflow_apt,target=/var/cache/apt,sharing=locked \
+ mkdir -p /etc/apt/keyrings && \
+ curl -fsSL https://nginx.org/keys/nginx_signing.key | gpg --dearmor -o /etc/apt/keyrings/nginx-archive-keyring.gpg && \
+ echo "deb [signed-by=/etc/apt/keyrings/nginx-archive-keyring.gpg] https://nginx.org/packages/mainline/ubuntu/ noble nginx" > /etc/apt/sources.list.d/nginx.list && \
+ apt update && \
+ apt install -y nginx=${NGINX_VERSION} && \
+ apt-mark hold nginx
+
 # Install uv
 RUN --mount=type=bind,from=infiniflow/ragflow_deps:latest,source=/,target=/deps \
 if [ "$NEED_MIRROR" == "1" ]; then \
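Review bot: The added RUN trusts whatever `https://nginx.org/keys/nginx_signing.key` returns at build time: the key is piped straight into `gpg --dearmor` and becomes the `signed-by` root for the new repository, with no fingerprint or checksum comparison. Because the download sits on the left of a pipe and the shell is presumably the default `/bin/sh` without `pipefail` (any `SHELL` instruction would be outside this hunk), a failed curl is not what stops the build either. I would download the key to a file, check it against a SHA-256 recorded in the Dockerfile after the key's fingerprints were reviewed by hand, and only then dearmor it, as sketched below with a placeholder hash. Separately, `apt-mark hold nginx` combined with the fixed `NGINX_VERSION` default means later nginx security releases arrive only when someone bumps the ARG, so that default deserves a comment saying so.

```dockerfile
# Placeholder value: SHA-256 of nginx_signing.key, recorded after checking its fingerprints by hand.
ARG NGINX_KEY_SHA256=REPLACE_WITH_REVIEWED_SHA256
RUN --mount=type=cache,id=ragflow_apt,target=/var/cache/apt,sharing=locked \
    # … unchanged: mkdir -p /etc/apt/keyrings …
    curl -fsSL -o /tmp/nginx_signing.key https://nginx.org/keys/nginx_signing.key && \
    echo "${NGINX_KEY_SHA256}  /tmp/nginx_signing.key" | sha256sum -c - && \
    gpg --dearmor -o /etc/apt/keyrings/nginx-archive-keyring.gpg /tmp/nginx_signing.key && \
    rm -f /tmp/nginx_signing.key && \
    # … unchanged: nginx.list entry, apt update, pinned nginx install, apt-mark hold …
```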