UID2-6905: upgrade libcrypto3/libssl3 to fix CVE-2026-28390 (#2488)

sunnywu · claude · web-flow · commit 7d6e67c1025c · 2026-04-13T12:38:31.000+10:00
Adds apk upgrade for libcrypto3 and libssl3 (3.5.5-r0 → 3.5.6-r0) to
address HIGH severity OpenSSL Denial of Service vulnerability.

Co-authored-by: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/Dockerfile b/Dockerfile
@@ -2,7 +2,8 @@
 FROM eclipse-temurin@sha256:693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6
 
 # For Amazon Corretto Crypto Provider
-RUN apk add --no-cache gcompat
+# CVE-2026-28390: upgrade libcrypto3/libssl3 to 3.5.6-r0+ (UID2-6905)
+RUN apk add --no-cache gcompat && apk upgrade --no-cache libcrypto3 libssl3
 
 WORKDIR /app
 EXPOSE 8080
