From 4e846a2d5f55dee4e2d50f78a6486e839b130d3a Mon Sep 17 00:00:00 2001
From: gahusb
Date: Mon, 1 Jun 2026 17:33:13 +0900
Subject: [PATCH] =?UTF-8?q?fix(security):=20nginx=20CVE-2026-42945=20?= =?UTF-8?q?=EB=8C=80=EC=9D=91=20=E2=80=94=20=ED=8C=A8=EC=B9=98=20=EB=B2=84?= =?UTF-8?q?=EC=A0=84=20=EA=B3=A0=EC=A0=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
미고정 nginx:alpine → nginx:1.30.1-alpine (NGINX Rift, ngx_http_rewrite_module 힙 오버플로우 CVSS 9.2, 1.30.1/1.31.0에서 수정). 현재 default.conf엔 rewrite 디렉티브가 없어 실 익스플로잇 경로는 미도달이나 defense-in-depth로 패치 stable 고정.
Co-Authored-By: Claude Opus 4.8 (1M context)
---
 docker-compose.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 2ac73d0..ea8ea1a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -380,7 +380,9 @@ services:
 retries: 3
 frontend:
- image: nginx:alpine
+ # CVE-2026-42945 (NGINX Rift, ngx_http_rewrite_module heap overflow, CVSS 9.2)
+ # 대응: 미고정 nginx:alpine → 패치 stable 버전 고정 (fix in 1.30.1 / 1.31.0)
+ image: nginx:1.30.1-alpine
 container_name: frontend
 restart: unless-stopped
 depends_on:
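Review bot: The new `image: nginx:1.30.1-alpine` line pins a tag, and a tag can be re-pointed in the registry, so two pulls of the same name are not guaranteed to yield the same image. Adding the digest of the image you verified, `image: nginx:1.30.1-alpine@sha256:<digest-of-verified-image>` (placeholder), would make the pin reproducible and auditable. A fixed version also stops receiving later nginx security releases on its own, so the pin needs an update path, such as a dependency bot or a scheduled image scan. The added comment could record this with a line like `# pinned: bump on each nginx security release`. The `frontend` service definition continues past the end of the hunk, so the rest of its configuration was not reviewed here.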