From 326896c3d347ceb9e4a0c0a0c44220d518d7262a Mon Sep 17 00:00:00 2001
From: Ciara Stacke <18287516+ciarams87@users.noreply.github.com>
Date: Mon, 14 Mar 2022 18:37:15 +0000
Subject: [PATCH] Fix CVE-2022-23308 (#2485)
---
 build/Dockerfile | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/build/Dockerfile b/build/Dockerfile
index 5692a8d307..cdf57391e3 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -21,7 +21,9 @@ RUN apt-get update \
 # docker.io/library/nginx is a temporary workaround for Dependabot to see this as different from the one used in Debian
 FROM docker.io/library/nginx:1.21.6-alpine AS alpine
-RUN apk add --no-cache libcap
+RUN apk add --no-cache libcap \
+ # Temp fix for CVE-2022-23308
+ && apk add --no-cache libxml2~2.9.13-r0
 ############################################# Base image for Alpine with NGINX Plus #############################################
@@ -32,7 +34,9 @@ RUN --mount=type=secret,id=nginx-repo.crt,dst=/etc/apk/cert.pem,mode=0644 \
 --mount=type=secret,id=nginx-repo.key,dst=/etc/apk/cert.key,mode=0644 \
 wget -nv -O /etc/apk/keys/nginx_signing.rsa.pub https://cs.nginx.com/static/keys/nginx_signing.rsa.pub \
 && printf "%s\n" "https://pkgs.nginx.com/plus/alpine/v$(grep -E -o '^[0-9]+\.[0-9]+' /etc/alpine-release)/main" >> /etc/apk/repositories \
- && apk add --no-cache libcap nginx-plus~${NGINX_PLUS_VERSION#r} nginx-plus-module-njs~${NGINX_PLUS_VERSION#r}
+ && apk add --no-cache libcap nginx-plus~${NGINX_PLUS_VERSION#r} nginx-plus-module-njs~${NGINX_PLUS_VERSION#r} \
+ # Temp fix for CVE-2022-23308
+ && apk add --no-cache libxml2~2.9.13-r0
 ############################################# Base image for Debian with NGINX Plus #############################################
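Review bot: The constraint `libxml2~2.9.13-r0`, added in the `alpine` stage and again in the NGINX Plus Alpine hunk, appears to tie the install to that one package revision instead of setting a minimum. The security requirement for CVE-2022-23308 is "not older than the fixed build", and an exact-revision match will probably stop resolving, and fail the build, once the Alpine repository publishes a later revision or release. A floor keeps the remediation in force across later updates: `&& apk add --no-cache 'libxml2>=2.9.13-r0'`, quoted so the shell does not treat `>` as a redirect. The "Temp fix" comment should also state its removal condition, for example `# CVE-2022-23308: drop once the base image ships libxml2 >= 2.9.13`. The RUN instruction in the second hunk starts above the visible lines, so this covers only the added lines.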