Bug Overview
When building nginx modules using the modules/ directory, the build process explicitly fetches a tagged branch of nginx/pkg-oss:

    && git clone -b ${NGINX_VERSION}-${PKG_RELEASE} https://github.com/nginx/pkg-oss/ \

This pins to a specific Nginx release, but a recent critical CVE fix for njs (commit: nginx/pkg-oss@9d879d5) landed on the master branch only and doesn't appear in the tagged branch.
Any thoughts on how to ensure the builds of nginx modules are up to date, to avoid this situation in the future?
Expected Behavior
Supposedly the njs version should get updated and follow the master branch even if it is not back-ported to tagged branches.
Steps to Reproduce the Bug
Just build the Dockerfile in the modules/ directory.
Environment Details
- Version/release of Docker and method of installation (e.g. Docker Desktop / Docker Server)
- Version of the Docker NGINX image or specific commit: [e.g. 1.4.3/commit hash]
- Target deployment platform: [e.g. OpenShift/Kubernetes/Docker Compose/local cluster/etc...]
- Target OS: [e.g. RHEL 9/Ubuntu 24.04/etc...]
Additional Context
No response
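
One way to check the condition this report describes, whether a fix commit is reachable from the pinned branch, is sketched below as an added example; it is not code from the issue or from the docker-nginx project. The function names and the branch names in the throwaway demo repository are constructed for illustration.

```shell
#!/bin/sh
# Added example. Prints one status word for a fix commit vs. a pinned ref:
#   present    - the commit is an ancestor of the ref
#   backported - a patch-equivalent commit (different hash) is on the ref
#   missing    - neither; a build from this ref lacks the fix
fix_status() {
    repo=$1; fix=$2; ref=$3
    git -C "$repo" cat-file -e "${fix}^{commit}" 2>/dev/null \
        || { echo unknown-commit; return 2; }
    git -C "$repo" rev-parse -q --verify "${ref}^{commit}" >/dev/null \
        || { echo unknown-ref; return 2; }
    if git -C "$repo" merge-base --is-ancestor "$fix" "$ref"; then
        echo present; return 0
    fi
    # git cherry marks a commit "-" when the ref already holds an equivalent patch.
    case $(git -C "$repo" cherry "$ref" "$fix" "${fix}^" 2>/dev/null) in
        "- "*) echo backported; return 0 ;;
    esac
    echo missing; return 1
}

# Constructed throwaway repository (hypothetical branch names) to try the check offline.
make_demo_repo() {
    d=$(mktemp -d) || return 1
    g() { git -C "$d" -c user.name=demo -c user.email=demo@example.invalid "$@"; }
    {
        g init -q
        g symbolic-ref HEAD refs/heads/master
        echo base > "$d/base.txt"; g add -A; g commit -q -m base
        g branch 1.0.0-1                       # pinned branch cut before the fix
        echo fixed > "$d/njs.txt"; g add -A; g commit -q -m "njs fix"
        g branch 1.0.1-1 1.0.0-1; g checkout -q 1.0.1-1
        echo rel > "$d/rel.txt"; g add -A; g commit -q -m release
        g cherry-pick master                   # backport: same patch, new hash
        g checkout -q master
    } >/dev/null 2>&1
    echo "$d"
}
```

Against a real repository, run it on a full clone (not a shallow one), since ancestry checks need history, and pass the remote-tracking name of the pinned branch as the ref.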