Update to Alpine 3.19 #851

Merged
merged 1 commit into from
Apr 23, 2024

jnoordsij
Contributor

Proposed changes

Updates the images to use Alpine 3.19 as default version. See also https://alpinelinux.org/posts/Alpine-3.19.0-released.html.

Note: given that this requires built binaries for the new Alpine version and won't take any effect until an actual new release of nginx itself, this PR is intentionally marked as draft, so it can function both as a heads-up about the new release and a place that allows for subscription to any potential updates. It can then be merged later at any convenient time when everything is ready. However, if it is still preferable to close this in the meantime, feel free to do so.

Checklist

Before creating a PR, run through this checklist and mark each as complete:

  • I have read the CONTRIBUTING document
  • I have run ./update.sh and ensured all entrypoint/Dockerfile template changes have been applied to the relevant image entrypoint scripts & Dockerfiles
  • If applicable, I have added tests that prove my fix is effective or that my feature works
  • If applicable, I have checked that any relevant tests pass after adding my changes
  • I have updated any relevant documentation

@harryzcy

@jnoordsij Are there any updates to this? I think triggering the workflows again will make CI pass.

@thresheek
Collaborator

Hey @harryzcy @jnoordsij

Thanks for checking in. I'm not sure moving stable to Alpine 3.19 makes sense since there has been no new stable nginx release since then.

As for mainline, we're likely to have a release next week, and I think it'll be fine merging it then and moving a new mainline release to 3.19.

@eromano

eromano commented Feb 6, 2024

@thresheek is there any update on this? Consuming the new Alpine will allow fixing some security issues.

@thresheek
Collaborator

JFYI, I've decided to postpone the move to 3.19 for mainline since the newly released version contains security fixes. It would have been a bit of a change for those willing to update to also change the underlying OS. Hope it's ok.

@rfilgas

rfilgas commented Feb 28, 2024

Are these security issues on the roadmap to resolve for mainline?
CVE-2023-47038
CVE-2024-25062

@jnoordsij
Contributor Author

> Are these security issues on the roadmap to resolve for mainline?
> CVE-2023-47038
> CVE-2024-25062

I'm not sure how these are in any way related to this MR; but I will gladly point you to https://github.com/docker-library/faq?tab=readme-ov-file#why-does-my-security-scanner-show-that-an-image-has-cves for some additional details on how CVEs are handled in Docker Official Images.

@jnoordsij
Contributor Author

For reference/those subscribed here: 29d5001 updates mainline (currently 1.25.x) to use Alpine 3.19; the new image should be available soon after docker-library/official-images#16614 is merged.

@oxpa
Collaborator

oxpa commented Apr 17, 2024

Due to a couple of mistakes on my side, the correct PR is docker-library/official-images#16622

@jnoordsij
Contributor Author

With the (upcoming) release of 1.26.0, I think the stable image can now be updated as well. Feel free to merge this; otherwise I'll close once the 1.26.0 image with new Alpine is released.

@jnoordsij jnoordsij marked this pull request as ready for review April 23, 2024 15:08
@thresheek thresheek merged commit 308c492 into nginxinc:master Apr 23, 2024
8 of 9 checks passed
@thresheek
Collaborator

Thanks @jnoordsij !

@jnoordsij jnoordsij deleted the update-alpine-3.19 branch April 23, 2024 19:41