From 1584c59dd6cde40e4f1f1cda061d37800ddd80f1 Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Wed, 17 Apr 2024 15:05:33 +0100 Subject: [PATCH 1/2] pin app-protect module version to 4.8.1 (#5409) --- build/Dockerfile | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index e480141520..b83540445c 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -140,7 +140,7 @@ RUN --mount=type=bind,from=alpine-fips-3.17,target=/tmp/fips/ \ && cp -av /tmp/fips/etc/ssl/openssl.cnf /etc/ssl/openssl.cnf \ && cp -av /tmp/ot/usr/local/lib/libjaegertracing*so* /tmp/ot/usr/local/lib/libzipkin*so* /tmp/ot/usr/local/lib/libdd*so* /tmp/ot/usr/local/lib/libyaml*so* /usr/local/lib/ \ && ldconfig /usr/local/lib/ \ - && apk add --no-cache app-protect app-protect-attack-signatures app-protect-threat-campaigns + && apk add --no-cache app-protect=~31.4.815 app-protect-attack-signatures app-protect-threat-campaigns ############################################# Base image for Debian with NGINX Plus ############################################# @@ -200,7 +200,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode ## end of duplicated code && if [ -z "${NGINX_AGENT##true}" ]; then apt-get install --no-install-recommends --no-install-suggests -y nginx-agent; fi \ && if [ -z "${NAP_MODULES##*waf*}" ]; then \ - apt-get install --no-install-recommends --no-install-suggests -y app-protect app-protect-attack-signatures app-protect-threat-campaigns; \ + apt-get install --no-install-recommends --no-install-suggests -y app-protect=31+4.815* app-protect-attack-signatures app-protect-threat-campaigns; \ fi \ && if [ -z "${NAP_MODULES##*dos*}" ]; then \ apt-get install --no-install-recommends --no-install-suggests -y app-protect-dos; \ @@ -276,7 +276,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && dnf --nodocs install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm \ && rpm --import /tmp/app-protect-security-updates.key \ && if [ -z "${NAP_MODULES##*waf*}" ]; then \ - dnf --nodocs install -y app-protect app-protect-attack-signatures app-protect-threat-campaigns; \ + dnf --nodocs install -y app-protect-31+4.815* app-protect-attack-signatures app-protect-threat-campaigns; \ fi \ # fix for CVEs && dnf upgrade -y curl ncurses \ @@ -324,7 +324,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode && dnf --nodocs install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm \ && rpm --import /tmp/app-protect-security-updates.key \ && if [ -z "${NAP_MODULES##*waf*}" ]; then \ - dnf --nodocs install -y app-protect app-protect-attack-signatures app-protect-threat-campaigns; \ + dnf --nodocs install -y app-protect-31+4.815* app-protect-attack-signatures app-protect-threat-campaigns; \ fi \ && if [ -z "${NAP_MODULES##*dos*}" ]; then \ dnf --nodocs install -y app-protect-dos; \ From 33270e91bd519390e3e627a9201d144f09c24a70 Mon Sep 17 00:00:00 2001 From: Venktesh Shivam Patel Date: Tue, 23 Apr 2024 09:39:21 +0100 Subject: [PATCH 2/2] pin ap compiler and engine (#5433) --- build/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build/Dockerfile b/build/Dockerfile index b83540445c..e814744dff 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -200,7 +200,7 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/ssl/nginx/nginx-repo.crt,mode ## end of duplicated code && if [ -z "${NGINX_AGENT##true}" ]; then apt-get install --no-install-recommends --no-install-suggests -y nginx-agent; fi \ && if [ -z "${NAP_MODULES##*waf*}" ]; then \ - apt-get install --no-install-recommends --no-install-suggests -y app-protect=31+4.815* app-protect-attack-signatures app-protect-threat-campaigns; \ + apt-get install --no-install-recommends --no-install-suggests -y app-protect=31+4.815* app-protect-engine=10.624* app-protect-common=10.624* app-protect-compiler=10.624* app-protect-plugin=5.24* nginx-plus-module-appprotect=31+4.815* app-protect-attack-signatures app-protect-threat-campaigns; \ fi \ && if [ -z "${NAP_MODULES##*dos*}" ]; then \ apt-get install --no-install-recommends --no-install-suggests -y app-protect-dos; \