From c0c6a9dde6ec3e22f38d2aa88427b6977c52c93b Mon Sep 17 00:00:00 2001
From: Rophy Tsai
Date: Fri, 3 Jul 2026 04:52:41 +0000
Subject: [PATCH] fix: upgrade base image packages to fix critical CVEs

Add apt-get upgrade in runtime stage to patch:
- CVE-2025-58050 (libpcre2 heap buffer overflow)
- CVE-2026-31789 (openssl heap buffer overflow)
---
 Dockerfile.release | 1 +
 1 file changed, 1 insertion(+)

diff --git a/Dockerfile.release b/Dockerfile.release
index efdf850b..97a943ad 100644
--- a/Dockerfile.release
+++ b/Dockerfile.release
@@ -188,6 +188,7 @@ ENV DEBIAN_FRONTEND=noninteractive
 # Minimal runtime dependencies only
 RUN set -eu && \
 apt-get update && \
+ apt-get -y upgrade --no-install-recommends && \
 apt-get -y install --no-install-recommends libaio1t64 && \
 ln -s libaio.so.1t64 /usr/lib/x86_64-linux-gnu/libaio.so.1 && \
 apt-get clean && \
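Review bot: Nothing in the added `apt-get -y upgrade --no-install-recommends` line guarantees that the libpcre2 and openssl fixes named in the commit message actually land in the image. `apt-get upgrade` leaves a package at its old version when the update would need a new dependency, it still exits 0 under `set -eu`, and a cached copy of this RUN layer will not pick up later fixes either. I would record the intent next to the line, e.g. `# Security upgrade of base-image packages: CVE-2025-58050 (libpcre2), CVE-2026-31789 (openssl); drop once the base image tag includes the fixes`, and gate the release on an image scan, or rebuild with `--no-cache`/`--pull`, so a held-back package is noticed. `--no-install-recommends` has no practical effect on `upgrade`, since that command installs no new packages, so it can be dropped to avoid implying otherwise. The RUN instruction continues past the end of the hunk.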