Shiny App breaks when trying to fix critcal security vulnerabilities

ninabina921 · November 16, 2023, 3:45pm

Issue Summary:
In effort to remediate critical security vulnerabilities, our environment needs to update our image to use curl version 8.4.0. However, when we add these commands to update the curl version, the /opt/rstudio-connect is deleted.

Steps to Reproduce:

Pull the latest version of the Posit Connect Docker jammy.2023.10.0 image.
Update the Dockerfile to use Curl version 8.4.

RUN apt remove curl -y && apt purge curl -y \
    && apt-get update -y && apt-get install -y libssl-dev autoconf libtool make \
    && apt-get clean \
    && cd /usr/local/src && rm -rf curl* && wget https://curl.haxx.se/download/curl-8.4.0.zip && unzip curl-8.4.0.zip \
    && cd /usr/local/src/curl-8.4.0 && autoreconf -fi && ./configure --with-ssl && make && make install \
    && cd /usr/local/src/curl-8.4.0 && cp /usr/local/bin/curl /usr/bin/curl && sudo ldconfig

Rebuild the Docker image.
Run the container.

Error:
The Docker image build process fails with errors related to the updated Curl version.

Reproducibility:
This issue is consistently reproducible when attempting to update Curl to version 8.4 in the Posit Connect Docker image.

Environment:

Posit Connect Docker Image Version: [jammy-2023.10.0]

system · January 9, 2024, 7:45pm

This topic was automatically closed 54 days after the last reply. New replies are no longer allowed.

If you have a query related to it or one of the replies, start a new topic and refer back with a link.