Thanks to visit codestin.com
Credit goes to GitHub.com

Skip to content

Switch to docker alpine #2119

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wginolas wants to merge 1 commit into
base: staging
Choose a base branch
from
Open

Switch to docker alpine #2119

wginolas wants to merge 1 commit into from
+6 −11

Conversation

@wginolas
Copy link
Contributor

@wginolas wginolas commented Dec 1, 2025

Our current Docker base image node:lts-slim includes the CVE-2023-45853. To make sure not any red lamps go on I switched the base image to node:lts-alpine.

Docker images can be scanned for CVEs like this:

docker run -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy:latest image cryptpad/cryptpad:latest

docker run -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy:latest image node:lts-slim

docker run -v /var/run/docker.sock:/var/run/docker.sock -v $HOME/Library/Caches:/root/.cache/ aquasec/trivy:latest image node:lts-alpine

@wginolas wginolas added this to the Winter release (2025.12.0) milestone Dec 1, 2025
@wginolas wginolas added the Ready to Review This PR is ready to be checked by another team member label Dec 1, 2025
@mathilde-cryptpad mathilde-cryptpad self-assigned this Dec 29, 2025
@mathilde-cryptpad mathilde-cryptpad added the Deployment Containers, automation scripts, etc. label Dec 29, 2025
@mathilde-cryptpad
Copy link
Contributor

mathilde-cryptpad commented Jan 6, 2026

Hey!

It's a good idea, we just need to be mindful of the software dependencies needed to properly run CryptPad. I'm thinking about what's being mentioned in #1937, where we might be lacking less.

Don't hesitate to get back to me with this, we can discuss it directly. :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mathilde-cryptpad mathilde-cryptpad Awaiting requested review from mathilde-cryptpad

Assignees

@mathilde-cryptpad mathilde-cryptpad

Labels

Deployment Containers, automation scripts, etc. Ready to Review This PR is ready to be checked by another team member

Projects

None yet

Milestone

Winter release (2026.1.0)

Development

Successfully merging this pull request may close these issues.

3 participants

@wginolas @mathilde-cryptpad