From 0f08dc070d05b5a9e2daf820468f391982ad291f Mon Sep 17 00:00:00 2001 From: Virus <42931451+V1V1rus@users.noreply.github.com> Date: Wed, 8 Jul 2026 19:19:06 +0800 Subject: [PATCH] fix: update nginx version. fix CVE-2026-9256 (#16732) ### Summary Updates the NGINX package used in the RAGFlow Docker image from `1.31.0-1~noble` to `1.31.2-1~noble`. NGINX 1.31.0 is affected by CVE-2026-9256. NGINX 1.31.2 includes the corresponding security fix and is available from the official NGINX mainline repository for Ubuntu Noble. ### References - nginx security advisories: https://nginx.org/en/security_advisories.html - Vendor advisory: https://my.f5.com/manage/s/article/K000161377 ### Fix Single-line change in `Dockerfile:62`: ```diff -ARG NGINX_VERSION=1.31.0-1~noble +ARG NGINX_VERSION=1.31.2-1~noble Co-authored-by: duanyuan --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2a250ab3b..27cd035f8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -59,7 +59,7 @@ RUN mkdir -p /usr/share/infinity/resource && \ cp -r /tmp/resource/* /usr/share/infinity/resource && \ rm -rf /tmp/resource -ARG NGINX_VERSION=1.31.0-1~noble +ARG NGINX_VERSION=1.31.2-1~noble RUN --mount=type=cache,id=ragflow_apt,target=/var/cache/apt,sharing=locked \ mkdir -p /etc/apt/keyrings && \ curl --retry 5 --retry-delay 2 --retry-all-errors -fsSL https://nginx.org/keys/nginx_signing.key | gpg --dearmor -o /etc/apt/keyrings/nginx-archive-keyring.gpg && \