From 632bf950db93649c206781944a305b68e642805c Mon Sep 17 00:00:00 2001
From: Javier Evans
Date: Wed, 25 Oct 2023 16:29:51 -0700
Subject: [PATCH] FIX: update NGINX, NGINX Plus, NJS, and NGINX XSLT module to newest versions (#184)
The vulnerability was not applicable to how this project operates but we are updating as a cautionary measure. Many thanks to @saipraveen88 for flagging the issue. CVE: https://github.com/advisories/GHSA-qppj-fm5r-hxr3 NGINX Blog post on the topic: https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
---
 Dockerfile.buildkit.plus | 10 +++++-----
 Dockerfile.latest-njs | 2 +-
 Dockerfile.oss | 6 +++---
 Dockerfile.plus | 10 +++++-----
 4 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/Dockerfile.buildkit.plus b/Dockerfile.buildkit.plus
index 729f8b99..b66df30f 100644
--- a/Dockerfile.buildkit.plus
+++ b/Dockerfile.buildkit.plus
@@ -1,9 +1,9 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
-ENV NGINX_PLUS_VERSION 29-1
-ENV NGINX_VERSION 1.23.4
-ENV NJS_VERSION 29+0.7.12-1
-ENV XSLT_VERSION 29-1
+ENV NGINX_PLUS_VERSION 30-2
+ENV NGINX_VERSION 1.25.1
+ENV NJS_VERSION 30+0.8.0-1
+ENV XSLT_VERSION 30-1
 ENV PROXY_CACHE_MAX_SIZE "10g"
 ENV PROXY_CACHE_INACTIVE "60m"
diff --git a/Dockerfile.latest-njs b/Dockerfile.latest-njs
index bc12374d..8f263c6c 100644
--- a/Dockerfile.latest-njs
+++ b/Dockerfile.latest-njs
@@ -6,7 +6,7 @@ FROM nginx-s3-gateway
 RUN set -eux \
 export DEBIAN_FRONTEND=noninteractive; \
 apt-get update -qq; \
- apt-get install --no-install-recommends --no-install-suggests --yes make gcc libc6-dev curl expect libpcre2-dev libpcre3-dev libedit-dev libreadline-dev libssl-dev libpcre2-posix2 libxml2-dev libxslt1-dev zlib1g-dev; \
+ apt-get install --no-install-recommends --no-install-suggests --yes make gcc libc6-dev curl expect libpcre2-dev libpcre3-dev libedit-dev libreadline-dev libssl-dev libpcre2-posix3 libxml2-dev libxslt1-dev zlib1g-dev; \
 mkdir -p /tmp/nginx /tmp/njs-latest; \
 curl --retry 6 --location "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz" \
 | gunzip | tar --extract --strip-components=1 --directory /tmp/nginx; \
diff --git a/Dockerfile.oss b/Dockerfile.oss
index f986474e..423a8842 100644
--- a/Dockerfile.oss
+++ b/Dockerfile.oss
@@ -1,7 +1,7 @@
-FROM nginx:1.24.0
+FROM nginx:1.25.3
-ENV NGINX_VERSION "1.24.0"
-ENV NJS_VERSION 0.7.12
+ENV NGINX_VERSION "1.25.3"
+ENV NJS_VERSION "0.8.2"
 ENV PROXY_CACHE_MAX_SIZE "10g"
 ENV PROXY_CACHE_INACTIVE "60m"
diff --git a/Dockerfile.plus b/Dockerfile.plus
index 47252b5e..09f5ddd1 100644
--- a/Dockerfile.plus
+++ b/Dockerfile.plus
@@ -1,9 +1,9 @@
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
-ENV NGINX_PLUS_VERSION 29-1
-ENV NGINX_VERSION 1.23.4
-ENV NJS_VERSION 29+0.7.12-1
-ENV XSLT_VERSION 29-1
+ENV NGINX_PLUS_VERSION 30-2
+ENV NGINX_VERSION 1.25.1
+ENV NJS_VERSION 30+0.8.0-1
+ENV XSLT_VERSION 30-1
 ENV PROXY_CACHE_MAX_SIZE "10g"
 ENV PROXY_CACHE_INACTIVE "60m"
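Review bot: In the Dockerfile.latest-njs hunk, the nginx source tarball is piped straight from `curl` into `gunzip | tar` with no integrity check, and this commit changes which tarball is fetched, since `NGINX_VERSION` (presumably inherited from the `nginx-s3-gateway` base image) is bumped in the other files. I would download to a file with `curl --fail --retry 6 --location --output /tmp/nginx.tar.gz "https://nginx.org/download/nginx-${NGINX_VERSION}.tar.gz"; \`, verify it with `echo "${NGINX_SHA256}  /tmp/nginx.tar.gz" | sha256sum --check -; \` (`NGINX_SHA256` is a placeholder for a digest pinned next to the version), and only then extract from the verified file. Without `--fail` and without pipefail, a failed or error-page download is only caught if `tar` happens to exit non-zero. Separately, the first line as shown has no `;` after `set -eux`, so `export DEBIAN_FRONTEND=noninteractive` is passed to `set` as positional arguments instead of being executed; `RUN set -eux; \` fixes that. The RUN instruction continues past the end of the hunk.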