From 57a5eae5e7f0671a7c551d1a64910eb9a6c46c76 Mon Sep 17 00:00:00 2001
From: Sunny Wu <sunny.wu@thetradedesk.com>
Date: Sun, 12 Apr 2026 12:31:31 +1000
Subject: [PATCH] UID2-6905: upgrade libcrypto3/libssl3 to fix CVE-2026-28390
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds apk upgrade for libcrypto3 and libssl3 (3.5.5-r0 → 3.5.6-r0) to
address HIGH severity OpenSSL Denial of Service vulnerability.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 Dockerfile | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 5fb795c79..08320638c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -2,7 +2,8 @@
 FROM eclipse-temurin@sha256:693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6
 
 # For Amazon Corretto Crypto Provider
-RUN apk add --no-cache gcompat
+# CVE-2026-28390: upgrade libcrypto3/libssl3 to 3.5.6-r0+ (UID2-6905)
+RUN apk add --no-cache gcompat && apk upgrade --no-cache libcrypto3 libssl3
 
 WORKDIR /app
 EXPOSE 8080