Merge pull request #26874 from overleaf/bg-sp-hotfix-5-5-2-cve-2024-22088

add security update for CVE-2025-22088 in CE/SP 5.5.2 hotfix GitOrigin-RevId: 6c61e0a120b82d5f5edb29b3a5f96c4dac6f1a68
2026-05-23 09:09:36 +02:00 · 2025-07-07 12:21:22 +01:00
parent 23403a7ef2
commit 16135bde64
1 changed files with 5 additions and 0 deletions
--- a/server-ce/hotfix/5.5.2/Dockerfile
+++ b/server-ce/hotfix/5.5.2/Dockerfile
@@ -18,5 +18,10 @@ RUN patch -p1 < pr_26783.patch && rm pr_26783.patch
 COPY pr_26697.patch .
 RUN patch -p1 < pr_26697.patch && rm pr_26697.patch

+# Apply security updates to base image
+RUN apt update && apt install -y linux-libc-dev \
+  && unattended-upgrade --verbose --no-minimal-upgrade-steps \
+  && rm -rf /var/lib/apt/lists/*
+
 # Recompile frontend assets
 RUN node genScript compile | bash