Remove curl from the nginx image
Closed this issue · 1 comments
Name and Version
rapidfort/nginx 1.22.1-debian-11-r50
What is the problem this feature will solve?
curl is responsible for many vulnerabilities (see the Rapidfort info page for nginx).
This package has been added in the official image, as requested by a user (see: nginxinc/docker-nginx#378) but I think it is not worth to add such a vulnerable package just to provide default support for consul. Running apk add curl
is not such a big deal.
See also: nginxinc/docker-nginx#681
What is the feature you are proposing to solve the problem?
Remove curl as it is not required to run nginx.
What alternatives have you considered?
No response
Hi @MatsG23 Rapidfort nginx image doesnt have curl in it. Please see this: https://frontrow.rapidfort.com/app/community/imageinfo/docker.io%2Fbitnami%2Fnginx/vulns/hardened
Also please note our images are debian based and hence its not using apk package manager.