
Server's base image

The idliveface server binary is installed on top of a Docker image, which we call the base image. Up until version 1.47.0, the base image was Ubuntu:22.04.

Background

Even though the Ubuntu image is fairly minimal, it still contains a set of generic utilities and a package manager.

The industry go-to minimal image is Alpine. Alpine Linux is a distribution built around BusyBox with its own package manager, apk, which lets you install any extra software you need. However, Alpine has one peculiarity that makes it inconvenient to use: it uses musl instead of the more standard glibc.

Instead of using Alpine, we build an image based on BusyBox compiled against glibc, and we manually install the minimum set of packages needed.
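One way to work out what "the minimum set" means for a glibc-linked binary is to read its `ldd` output and copy only the libraries it lists. The script below is an added example, not the project's own build code; using `ldd` for this is an assumption, and the sample output is constructed for a hypothetical server binary.

```shell
#!/bin/sh
# Added example: derive the shared libraries a binary needs, so that only
# those files are copied into a BusyBox (glibc) based image.

# Constructed sample of `ldd` output for a hypothetical server binary.
SAMPLE_LDD='    linux-vdso.so.1 (0x00007ffd3a5f2000)
    libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f1c2a400000)
    libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f1c2a319000)
    libgomp.so.1 => not found
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1c2a000000)
    /lib64/ld-linux-x86-64.so.2 (0x00007f1c2a6a1000)'

# required_libs: read ldd output on stdin and print the absolute paths that
# must exist in the final image, sorted and de-duplicated.
required_libs() {
    awk '
        # "soname => /path (addr)": a resolved library
        $2 == "=>" && substr($3, 1, 1) == "/" { print $3; next }
        # "/path (addr)": the dynamic loader itself
        substr($1, 1, 1) == "/" { print $1 }
    ' | LC_ALL=C sort -u
}

# missing_libs: print sonames that ldd could not resolve ("=> not found").
missing_libs() {
    awk '$2 == "=>" && $3 == "not" && $4 == "found" { print $1 }' | LC_ALL=C sort -u
}

# libs_complete: succeed only if every dependency was resolved, so a build
# script can stop before producing an image that cannot start.
libs_complete() {
    [ -z "$(missing_libs)" ]
}

# Demo on the constructed sample.
echo "Copy into the image:"
printf '%s\n' "$SAMPLE_LDD" | required_libs
echo "Unresolved (install before building):"
printf '%s\n' "$SAMPLE_LDD" | missing_libs
```

The virtual `linux-vdso.so.1` entry is skipped because it is provided by the kernel and has no file to copy.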

CVE

With this approach, the image contains only the bare minimum software required to run the server, which greatly reduces the number of CVEs introduced by software that is in the image but not actually needed.

When 1.47.0 was released, it contained 25 CVEs:

SEVERITY  COUNT  FIXABLE  EXCEPTIONS
Critical  0      0        0
High      0      0        0
Medium    4      0        0
Low       18     0        0
Info      3      0        0

At release time, 1.48.0 has 3 CVEs:

SEVERITY  COUNT  FIXABLE  EXCEPTIONS
Critical  0      0        0
High      0      0        0
Medium    1      0        0
Low       1      0        0
Info      1      0        0