Commit b4a6f88

adamdelarosa authored and neomantra committed
Update OpenSSL to 3.5.5
Update OpenSSL from 3.4.3 to 3.5.5 to address CVE-2025-15467, a critical stack buffer overflow vulnerability in OpenSSL versions 3.0 through 3.6.

Changes:
- Update RESTY_OPENSSL_VERSION to 3.5.5 (patched version)
- Update RESTY_OPENSSL_PATCH_VERSION to 3.5.5 (new upstream OpenResty patch)
- Affected flavors: alpine, bionic, focal, jammy, noble

References:
- CVE-2025-15467: https://nvd.nist.gov/vuln/detail/CVE-2025-15467
- OpenSSL 3.5.5 Release: https://github.com/openssl/openssl/releases/tag/openssl-3.5.5

Signed-off-by: Evan Wies <evan@neomantra.net>
1 parent d6663a7 commit b4a6f88

8 files changed

+19
-13
lines changed

AUTHORS.md

Lines changed: 1 addition & 0 deletions
Original file line number | Diff line number | Diff line change
@@ -14,3 +14,4 @@ We'd like to thank the following people for their commits:
1414
- Joel Linn <jl@conductive.de>
1515
- Kshitij Joshi <kshitijmjoshi@gmail.com>
1616
- Duncan Schulze <duschulze@gmail.com>
17+
- Adam Delarosa <gojiradam@gmail.com>

BUILDING.md

Lines changed: 2 additions & 2 deletions
@@ -45,8 +45,8 @@ docker build --build-arg RESTY_J=4 -f jammy/Dockerfile .
4545
| RESTY_IMAGE_TAG | "noble" / "3.22.2" | The Debian or Alpine Docker image tag to build `FROM`. |
4646
| RESTY_VERSION | 1.27.1.2 | The version of OpenResty to use. |
4747
| RESTY_LUAROCKS_VERSION | 3.12.2 | The version of LuaRocks to use. |
48-
| RESTY_OPENSSL_VERSION | 3.4.3 | The version of OpenSSL to use. |
49-
| RESTY_OPENSSL_PATCH_VERSION | 3.4.1 | The version of OpenSSL to use when patching. |
48+
| RESTY_OPENSSL_VERSION | 3.5.5 | The version of OpenSSL to use. |
49+
| RESTY_OPENSSL_PATCH_VERSION | 3.5.5 | The version of OpenSSL to use when patching. |
5050
| RESTY_OPENSSL_URL_BASE | "https://github.com/openssl/openssl/releases/download/openssl-${RESTY_OPENSSL_VERSION}" | The base of the URL to download OpenSSL from. |
5151
| RESTY_OPENSSL_BUILD_OPTIONS | "enable-camellia enable-seed enable-rfc3779 enable-cms enable-md2 enable-rc5 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-md2 enable-ktls enable-fips" | Options to tweak Resty's OpenSSL build. |
5252
| RESTY_PCRE_VERSION | 10.44 | The version of PCRE2 to use. |
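
Review bot: On the RESTY_OPENSSL_PATCH_VERSION row, the patch version moves from 3.4.1 to 3.5.5 and now equals RESTY_OPENSSL_VERSION, where it previously trailed it (3.4.1 against 3.4.3). Please confirm that an upstream OpenResty patch published under exactly 3.5.5 exists, and consider saying in the description column that the two values are allowed to differ, so the next bump does not assume they always move together.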

CHANGELOG.md

Lines changed: 6 additions & 1 deletion
@@ -1,7 +1,12 @@
11
`docker-openresty` Changelog
22
============================
33

4-
## 1.27.1.2-9 (2026-01-30)
4+
## 1.27.1.2-9 (2026-02-03)
5+
6+
* Upgrade OpenSSL to 3.5.5 (fixes CVE-2025-15467) (#291)
7+
* ci: Resolve tagged-release issue
8+
9+
## 1.27.1.2-8 (2026-01-11)
510

611
* ci: Resolve tagged-release issue
712
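
Review bot: The entry `* ci: Resolve tagged-release issue` now appears under both the 1.27.1.2-9 heading and the new 1.27.1.2-8 heading, and the heading that read `## 1.27.1.2-9 (2026-01-30)` is in effect renumbered and re-dated to `## 1.27.1.2-8 (2026-01-11)`. If the ci fix belongs to -8, drop it from the -9 list, and confirm the -8 date, because rewriting an existing release entry makes it harder to map an image tag to the OpenSSL version it contains. The -9 line could also name the previous version (3.4.3) so readers can tell which images predate the fix.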

alpine/Dockerfile

Lines changed: 2 additions & 2 deletions
@@ -14,8 +14,8 @@ ARG RESTY_IMAGE_TAG="3.22.2"
1414
ARG RESTY_VERSION="1.27.1.2"
1515

1616
# https://github.com/openresty/openresty-packaging/blob/master/alpine/openresty-openssl3/APKBUILD
17-
ARG RESTY_OPENSSL_VERSION="3.4.3"
18-
ARG RESTY_OPENSSL_PATCH_VERSION="3.4.1"
17+
ARG RESTY_OPENSSL_VERSION="3.5.5"
18+
ARG RESTY_OPENSSL_PATCH_VERSION="3.5.5"
1919
ARG RESTY_OPENSSL_URL_BASE="https://github.com/openssl/openssl/releases/download/openssl-${RESTY_OPENSSL_VERSION}"
2020
# LEGACY: "https://www.openssl.org/source/old/1.1.1"
2121
ARG RESTY_OPENSSL_BUILD_OPTIONS="enable-camellia enable-seed enable-rfc3779 enable-cms enable-md2 enable-rc5 \
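
Review bot: The two changed ARG lines select which OpenSSL release tarball is fetched from RESTY_OPENSSL_URL_BASE, but nothing in this hunk pins what that download must contain. If the Dockerfile verifies the tarball against a digest elsewhere, that value has to change in the same commit; if it does not, a security-driven bump is a good moment to add a SHA-256 ARG next to RESTY_OPENSSL_VERSION and check it before the build step.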

bionic/Dockerfile

Lines changed: 2 additions & 2 deletions
@@ -15,8 +15,8 @@ ARG RESTY_VERSION="1.27.1.2"
1515
ARG RESTY_LUAROCKS_VERSION="3.12.2"
1616

1717
# https://github.com/openresty/openresty-packaging/blob/master/deb/openresty-openssl3/debian/rules
18-
ARG RESTY_OPENSSL_VERSION="3.4.3"
19-
ARG RESTY_OPENSSL_PATCH_VERSION="3.4.1"
18+
ARG RESTY_OPENSSL_VERSION="3.5.5"
19+
ARG RESTY_OPENSSL_PATCH_VERSION="3.5.5"
2020
ARG RESTY_OPENSSL_URL_BASE="https://github.com/openssl/openssl/releases/download/openssl-${RESTY_OPENSSL_VERSION}"
2121
# LEGACY: "https://www.openssl.org/source/old/1.1.1"
2222
ARG RESTY_OPENSSL_BUILD_OPTIONS="enable-camellia enable-seed enable-rfc3779 enable-cms enable-md2 enable-rc5 \
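
Review bot: The change on the RESTY_OPENSSL_VERSION line crosses a release series (3.4.3 to 3.5.5) rather than taking a patch-level update, while the RESTY_OPENSSL_BUILD_OPTIONS context line is left as it was. Please confirm that every option on that line is still accepted by the 3.5 Configure script, and state in the changelog that this is a series change, since users who rely on 3.4 behaviour receive more than the CVE fix.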

focal/Dockerfile

Lines changed: 2 additions & 2 deletions
@@ -15,8 +15,8 @@ ARG RESTY_VERSION="1.27.1.2"
1515
ARG RESTY_LUAROCKS_VERSION="3.12.2"
1616

1717
# https://github.com/openresty/openresty-packaging/blob/master/deb/openresty-openssl3/debian/rules
18-
ARG RESTY_OPENSSL_VERSION="3.4.3"
19-
ARG RESTY_OPENSSL_PATCH_VERSION="3.4.1"
18+
ARG RESTY_OPENSSL_VERSION="3.5.5"
19+
ARG RESTY_OPENSSL_PATCH_VERSION="3.5.5"
2020
ARG RESTY_OPENSSL_URL_BASE="https://github.com/openssl/openssl/releases/download/openssl-${RESTY_OPENSSL_VERSION}"
2121
# LEGACY: "https://www.openssl.org/source/old/1.1.1"
2222
ARG RESTY_OPENSSL_BUILD_OPTIONS="enable-camellia enable-seed enable-rfc3779 enable-cms enable-md2 enable-rc5 \

jammy/Dockerfile

Lines changed: 2 additions & 2 deletions
@@ -15,8 +15,8 @@ ARG RESTY_VERSION="1.27.1.2"
1515
ARG RESTY_LUAROCKS_VERSION="3.12.2"
1616

1717
# https://github.com/openresty/openresty-packaging/blob/master/deb/openresty-openssl3/debian/rules
18-
ARG RESTY_OPENSSL_VERSION="3.4.3"
19-
ARG RESTY_OPENSSL_PATCH_VERSION="3.4.1"
18+
ARG RESTY_OPENSSL_VERSION="3.5.5"
19+
ARG RESTY_OPENSSL_PATCH_VERSION="3.5.5"
2020
ARG RESTY_OPENSSL_URL_BASE="https://github.com/openssl/openssl/releases/download/openssl-${RESTY_OPENSSL_VERSION}"
2121
# LEGACY: "https://www.openssl.org/source/old/1.1.1"
2222
ARG RESTY_OPENSSL_BUILD_OPTIONS="enable-camellia enable-seed enable-rfc3779 enable-cms enable-md2 enable-rc5 \

noble/Dockerfile

Lines changed: 2 additions & 2 deletions
@@ -15,8 +15,8 @@ ARG RESTY_VERSION="1.27.1.2"
1515
ARG RESTY_LUAROCKS_VERSION="3.12.2"
1616

1717
# https://github.com/openresty/openresty-packaging/blob/master/deb/openresty-openssl3/debian/rules
18-
ARG RESTY_OPENSSL_VERSION="3.4.3"
19-
ARG RESTY_OPENSSL_PATCH_VERSION="3.4.1"
18+
ARG RESTY_OPENSSL_VERSION="3.5.5"
19+
ARG RESTY_OPENSSL_PATCH_VERSION="3.5.5"
2020
ARG RESTY_OPENSSL_URL_BASE="https://github.com/openssl/openssl/releases/download/openssl-${RESTY_OPENSSL_VERSION}"
2121
# LEGACY: "https://www.openssl.org/source/old/1.1.1"
2222
ARG RESTY_OPENSSL_BUILD_OPTIONS="enable-camellia enable-seed enable-rfc3779 enable-cms enable-md2 enable-rc5 \
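
Review bot: The same pair of ARG defaults is edited by hand here and in the alpine, bionic, focal and jammy Dockerfiles, plus the table in BUILDING.md, so a missed file would leave one flavor on 3.4.3 with no build error. A CI step that compares RESTY_OPENSSL_VERSION and RESTY_OPENSSL_PATCH_VERSION across all flavor Dockerfiles and the documentation would catch that. The commit message lists five affected flavors, so it is also worth stating whether any other flavor in the repository still carries the old default.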
