Dockerfile: bump nginx image to version 1.28.0-alpine-slim to fix CVE-2025-48174 by leonteq-reisg · Pull Request #10508 · swagger-api/swagger-ui · GitHub | Latest TMZ Celebrity News & Gossip | Watch TMZ Live
Skip to content

Dockerfile: bump nginx image to version 1.28.0-alpine-slim to fix CVE-2025-48174 #10508

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 3 commits into from
Jun 30, 2025

Conversation

leonteq-reisg
Copy link
Contributor

There is a vulnerability in the currently used nginx image described here: https://nvd.nist.gov/vuln/detail/CVE-2025-48174. Upgrading the image to 1.28.0-alpine-slim removes said vulnerability (tested using Xray screening of one of the images created within our company)

Description

Bump the nginx version to 1.28.0-alpine-slim.

How Has This Been Tested?

Build and run the image using nginx:1.28.0-alpine-slim successfully.

Checklist

My PR contains...

  • No code changes (src/ is unmodified: changes to documentation, CI, metadata, etc.)
  • Dependency changes (any modification to dependencies in package.json)
  • Bug fixes (non-breaking change which fixes an issue)
  • [ x] Improvements (misc. changes to existing features)
  • Features (non-breaking change which adds functionality)

My changes...

  • are breaking changes to a public API (config options, System API, major UI change, etc).
  • are breaking changes to a private API (Redux, component props, utility functions, etc.).
  • are breaking changes to a developer API (npm script behavior changes, new dev system dependencies, etc).
  • [ x] are not breaking changes.

Documentation

  • [ x] My changes do not require a change to the project documentation.
  • My changes require a change to the project documentation.
  • If yes to above: I have updated the documentation accordingly.

Automated tests

  • My changes can not or do not need to be tested.
  • My changes can and should be tested by unit and/or integration tests.
  • If yes to above: I have added tests to cover my changes.
  • If yes to above: I have taken care to cover edge cases in my tests.
  • All new and existing tests passed.

@char0n char0n merged commit 94f0818 into swagger-api:master Jun 30, 2025
1 check passed
swagger-bot pushed a commit that referenced this pull request Jul 1, 2025
## [5.25.4](v5.25.3...v5.25.4) (2025-07-01)

### Bug Fixes

* **docker:** bump nginx image to version 1.29.0-alpine to fix CVE-2025-48174 ([#10508](#10508)) ([94f0818](94f0818))
@swagger-bot
Copy link
Contributor

🎉 This PR is included in version 5.25.4 🎉

The release is available on:

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants

TMZ Celebrity News – Breaking Stories, Videos & Gossip

Looking for the latest TMZ celebrity news? You've come to the right place. From shocking Hollywood scandals to exclusive videos, TMZ delivers it all in real time.

Whether it’s a red carpet slip-up, a viral paparazzi moment, or a legal drama involving your favorite stars, TMZ news is always first to break the story. Stay in the loop with daily updates, insider tips, and jaw-dropping photos.

🎥 Watch TMZ Live

TMZ Live brings you daily celebrity news and interviews straight from the TMZ newsroom. Don’t miss a beat—watch now and see what’s trending in Hollywood.