[critical vulnerability] Update docker image OpenSSL library to 3.0.7

Previous OpenSSL versions apparently have a critical bug that allows for rce, the vulnerability has not been disclosed yet, so it’d be a good time to update the images. Bloated all-in-one image strikes again!


I doubt Seafile is vulnerable at all to this bug. Is it even using OpenSSL 3 at all?

They don’t. Docker image is based on focal, which uses 1.1.1:

$ docker run --rm seafileltd/seafile-mc:9.0.9 openssl version
OpenSSL 1.1.1f  31 Mar 2020

The update wasn’t even available on that time, what did you expect from Seafile team exactly? :upside_down_face:
Joking apart, I agree they shouldn’t package nginx.