fix(security): vulnerabilities found in quorum-all-in-one

Fixes hyperledger-cacti#2059 Signed-off-by: aldousalvarez <aldousss.alvarez@gmail.com>
aldousalvarez · Jan 4, 2023 · df939f5 · df939f5
1 parent 25f2f54
commit df939f5
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 6 deletions.
diff --git a/.github/containerscan/allowedlist.yaml b/.github/containerscan/allowedlist.yaml
@@ -1,6 +1,7 @@
 general:
   vulnerabilities:
     #besu-all-in-one
+    - CVE-2022-37734
+    - CVE-2022-25857
+
 
-    -CVE-2022-37734
-    -CVE-2022-25857
diff --git a/tools/docker/quorum-all-in-one/Dockerfile b/tools/docker/quorum-all-in-one/Dockerfile
@@ -1,5 +1,5 @@
-ARG QUORUM_VERSION=21.4.1
-ARG TESSERA_VERSION=21.1.1
+ARG QUORUM_VERSION=22.7.4
+ARG TESSERA_VERSION=21.1.7
 
 FROM quorumengineering/quorum:$QUORUM_VERSION AS quorum
 FROM quorumengineering/tessera:$TESSERA_VERSION AS tessera
@@ -8,10 +8,10 @@ COPY --from=quorum /usr/local/bin/geth /usr/local/bin/
 COPY --from=quorum /usr/local/bin/bootnode /usr/local/bin/
 
 # BASH
-RUN apk update && apk add --no-cache bash
+RUN apt update && apt-get -y --no-cache install bash
 
 # SUPERVISORD
-RUN apk update && apk add --no-cache supervisor
+RUN apt update && apt-get -y --no-cache install supervisor
 RUN mkdir -p /var/log/supervisor
 COPY supervisord.conf /etc/supervisord.conf