From 16135bde642a38fe4b364f691a8d66eb4e60b00d Mon Sep 17 00:00:00 2001
From: Brian Gough <briangough@users.noreply.github.com>
Date: Mon, 7 Jul 2025 12:21:22 +0100
Subject: [PATCH] Merge pull request #26874 from
 overleaf/bg-sp-hotfix-5-5-2-cve-2024-22088

add security update for CVE-2025-22088 in CE/SP 5.5.2 hotfix

GitOrigin-RevId: 6c61e0a120b82d5f5edb29b3a5f96c4dac6f1a68
---
 server-ce/hotfix/5.5.2/Dockerfile | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/server-ce/hotfix/5.5.2/Dockerfile b/server-ce/hotfix/5.5.2/Dockerfile
index db9d8f27ee..13f82e81a4 100644
--- a/server-ce/hotfix/5.5.2/Dockerfile
+++ b/server-ce/hotfix/5.5.2/Dockerfile
@@ -18,5 +18,10 @@ RUN patch -p1 < pr_26783.patch && rm pr_26783.patch
 COPY pr_26697.patch .
 RUN patch -p1 < pr_26697.patch && rm pr_26697.patch
 
+# Apply security updates to base image
+RUN apt update && apt install -y linux-libc-dev \
+  && unattended-upgrade --verbose --no-minimal-upgrade-steps \
+  && rm -rf /var/lib/apt/lists/*
+
 # Recompile frontend assets
 RUN node genScript compile | bash