Security: Apparent RCE zero-day for Nginx

This is related to the docker container of Seafile. Will there be any updates to seafile-mc to address this issue? I don’t want to sound like a broken record, but this is one of the many disadvantages of bundling many services into one docker container. This wouldn’t be an issue if services were split into multiple containers, as it would only be necessary to update the official Nginx container on its own.

1 Like

yeah, i feel you. just noticed that out old Seafile distribution (we’re too afraid to upgrade) still runs nginx 1.14.

actually, the whole container technology was never intended to run more than one main process.