security: upgrade base docker image (Alpine) from 3.20.1 to 3.20.2 (#6684)

See https://www.alpinelinux.org/posts/Alpine-3.20.1-released.html

>including security fix for:
OpenSSL CVE-2024-5535
This commit is contained in:
Hui Wang 2024-07-23 19:20:06 +08:00 committed by Aliaksandr Valialkin
parent 9f5eb25150
commit e0c62e5c50
No known key found for this signature in database
GPG Key ID: 52C003EE2BCDB9EB
3 changed files with 5 additions and 3 deletions

View File

@ -6,7 +6,7 @@ COPY web/ /build/
RUN GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -o web-amd64 github.com/VictoriMetrics/vmui/ && \
GOOS=windows GOARCH=amd64 CGO_ENABLED=0 go build -o web-windows github.com/VictoriMetrics/vmui/
FROM alpine:3.20.1
FROM alpine:3.20.2
USER root
COPY --from=build-web-stage /build/web-amd64 /app/web

View File

@ -2,9 +2,9 @@
DOCKER_NAMESPACE ?= victoriametrics
ROOT_IMAGE ?= alpine:3.20.1
ROOT_IMAGE ?= alpine:3.20.2
ROOT_IMAGE_SCRATCH ?= scratch
CERTS_IMAGE := alpine:3.20.1
CERTS_IMAGE := alpine:3.20.2
GO_BUILDER_IMAGE := golang:1.22.5-alpine
BUILDER_IMAGE := local/builder:2.0.0-$(shell echo $(GO_BUILDER_IMAGE) | tr :/ __)-1

View File

@ -33,6 +33,8 @@ See also [LTS releases](https://docs.victoriametrics.com/lts-releases/).
**Update note 1: [vmauth](https://docs.victoriametrics.com/vmauth/) HTTP response code has changed from 503 to 502 for a case when all upstream backends were not available. This was changed to align [vmauth](https://docs.victoriametrics.com/vmauth/) behaviour with other well-known reverse-proxies behaviour. **
* SECURITY: upgrade base docker image (Alpine) from 3.20.1 to 3.20.2. See [alpine 3.20.2 release notes](https://alpinelinux.org/posts/Alpine-3.20.2-released.html).
* FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth/): add `keep_original_host` option, which can be used for proxying the original `Host` header from client request to the backend. By default the backend host is used as `Host` header when proxying requests to the configured backends. See [these docs](https://docs.victoriametrics.com/vmauth/#host-http-header).
* FEATURE: [vmauth](https://docs.victoriametrics.com/vmauth/) now returns HTTP 502 status code when all upstream backends are not available. Previously, it returned HTTP 503 status code. This change aligns vmauth behavior with other well-known reverse-proxies behavior.