fix(security): nginx CVE-2026-42945 대응 — 패치 버전 고정

미고정 nginx:alpine → nginx:1.30.1-alpine (NGINX Rift, ngx_http_rewrite_module 힙 오버플로우 CVSS 9.2, 1.30.1/1.31.0에서 수정). 현재 default.conf엔 rewrite 디렉티브가 없어 실 익스플로잇 경로는 미도달이나 defense-in-depth로 패치 stable 고정. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-01 17:33:13 +09:00
parent 5d9be51dba
commit 4e846a2d5f
1 changed files with 3 additions and 1 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -380,7 +380,9 @@ services:
      retries: 3

  frontend:
-    image: nginx:alpine
+    # CVE-2026-42945 (NGINX Rift, ngx_http_rewrite_module heap overflow, CVSS 9.2)
+    # 대응: 미고정 nginx:alpine → 패치 stable 버전 고정 (fix in 1.30.1 / 1.31.0)
+    image: nginx:1.30.1-alpine
    container_name: frontend
    restart: unless-stopped
    depends_on: