Previous OpenSSL versions apparently have a critical bug that allows for rce, the vulnerability has not been disclosed yet, so it’d be a good time to update the images. Bloated all-in-one image strikes again!
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
I doubt Seafile is vulnerable at all to this bug. Is it even using OpenSSL 3 at all?
They don’t. Docker image is based on focal, which uses 1.1.1:
$ docker run --rm seafileltd/seafile-mc:9.0.9 openssl version OpenSSL 1.1.1f 31 Mar 2020
The update wasn’t even available on that time, what did you expect from Seafile team exactly? Joking apart, I agree they shouldn’t package nginx.