docker-node icon indicating copy to clipboard operation
docker-node copied to clipboard
verified publisher icon nodejs

node:22-alpine - new push overnight added critical vulnerability with apk / alpine/openssl / 3.1.4-r5

Open right-revenue opened this issue 3 months ago • 2 comments

Environment

  • Platform: bitbucket build for AWS Lambda
  • Docker Version:
  • Node.js Version: 22
  • Image Tag: node:22-alpine

Expected Behavior

Build should be able to communicate via SSL - specifically to pull other libraries from other locations

Current Behavior

Open SSL error fails the build on bitbucket pipeline

npm error command git --no-replace-objects ls-remote ssh://[email protected]/{PRIVATE REPO URL}.git npm error OpenSSL version mismatch. Built against 3050003f, you have 30500010 npm error fatal: Could not read from remote repository. npm error Please make sure you have the correct access rights npm error and the repository exists.

Possible Solution

Update image tag(s) to use correct version of Open SSL library

Steps to Reproduce

  1. Create bitbucket pipeline for AWS Lambda project from image tag: node:22-alpine
  2. Add external project which requires SSL connection to retrieve repo
  3. Build fails with OpenSSL error

Additional Information

This was working perfectly until an update on 24/09/2025

right-revenue avatar Sep 25 '25 09:09 right-revenue

  • Relates to issue https://gitlab.alpinelinux.org/alpine/aports/-/issues/17547

MikeMcC399 avatar Sep 26 '25 11:09 MikeMcC399

  • Relates to issue https://gitlab.alpinelinux.org/alpine/aports/-/issues/17547

This issue has been resolved.

chughpiyush avatar Oct 03 '25 07:10 chughpiyush