Security-related changes

I've added `apt-get -y upgrade` to the Dockerfile to ensure the latest security patches for Debian are pulled into the container and I've also hard-coded in the file extension for the CGI scripts/plugin due to some security vulnerability that's been patched in Mojolicious v9.11+ (probably should've been done this way in the first place)
swagg boi 2021-03-24 14:54:38 -04:00
parent f4d99b66d7
commit 34f8331365
2 changed files with 6 additions and 2 deletions


@ -2,6 +2,7 @@ FROM perl:5.32
# Dependency time
RUN apt-get update
RUN apt-get -y upgrade
RUN apt-get -y install fortune-mod ruby
RUN cpanm CGI
RUN cpanm CGI::Carp
@ -9,6 +10,9 @@ RUN cpanm Mojolicious
RUN cpanm Mojolicious::Plugin::CGI
RUN cpanm Number::Format
RUN cpanm Regexp::Common
# Version 0.106 of Getopt::Long::Descriptive won't build for me; as
# it's just a dependency for WebService::Mattermost anyways let's just
# go with 0.105 since we know that works
RUN cpanm RJBS/Getopt-Long-Descriptive-0.105.tar.gz
RUN cpanm WebService::Mattermost
RUN cpanm XML::LibXML
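Review bot: The added `RUN apt-get -y upgrade` sits in its own layer after a separate `RUN apt-get update`, so a cached build reuses both layers and pulls no new Debian patches. If only the `update` layer is reused, the later steps install from a stale package index. Run the apt steps as one instruction, `RUN apt-get update && apt-get -y upgrade && apt-get -y install fortune-mod ruby && rm -rf /var/lib/apt/lists/*`, and build with `--pull --no-cache` when the goal is to refresh patches. Separately, `RUN cpanm Mojolicious` (visible in the second hunk's header) has no version constraint, so a cached layer can still hold a release older than the 9.11 named in the description; `RUN cpanm Mojolicious~9.11` would state the minimum explicitly.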


@ -11,8 +11,8 @@ use Number::Format qw{format_number};
plugin 'Config';
# CGI scripts
plugin CGI => ['/cgi-bin/guest' => './cgi-bin/guest_mm.cgi'];
plugin CGI => ['/cgi-bin/whoami' => './cgi-bin/whoami.cgi' ];
plugin CGI => ['/cgi-bin/guest.cgi' => './cgi-bin/guest_mm.cgi'];
plugin CGI => ['/cgi-bin/whoami.cgi' => './cgi-bin/whoami.cgi' ];
# Handle the session
under sub {
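Review bot: The reason for the explicit `.cgi` suffix on the two new `plugin CGI` routes is recorded only in the commit message, so a later cleanup could remove it without realising it matters. Extend the `# CGI scripts` comment, for example `# CGI scripts: paths carry ".cgi" explicitly, since Mojolicious 9.11+ no longer treats a trailing extension as a format by default`, after confirming that wording against the Mojolicious 9.11 changelog. The old extensionless paths `/cgi-bin/guest` and `/cgi-bin/whoami` are no longer registered, so any caller still using them will presumably get a 404; if that is intended, say so in the same comment. The `under sub {` block continues outside this hunk.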