https://justi.cz/security/2018/09/13/alpine-apk-rce.html If you use Alpine Linux in a production environment, you should 1. rebuild your images and 2. consider donating what you can to the developers. It seems like apk has one main developer who fixed this bug in less than a week. The lead maintainer of Alpine cut a new release shortly thereafter. 简单来说 作者发现了一个 Alpine Linux 的 RCE 漏洞 顺便抱怨一下 Alpine Linux 使用的公司很多 但是 apk 的 maintainer 只有一个人 各大公司应该要多多 donate 开发者 --

※ 发信站: 批踢踢实业坊(ptt.cc), 来自: 106.1.224.240 ※ 文章网址: https://webptt.com/cn.aspx?n=bbs/NetSecurity/M.1536906971.A.AA1.html