@RSam25 RSam25 commented Feb 6, 2026

Summary of changes:

  • Updated base eclipse temurin image to version with libexpat vulnerability fix

Tests ran:

  • Docker image builds successfully
  • Vulnerability scan passes
  • E2E tests in Publish Snapshot Operator pass

@RSam25 RSam25 changed the title Updated base alpine image to get rid of CVE Updated docker base image to get rid of CVE Feb 6, 2026
@RSam25 RSam25 changed the title Updated docker base image to get rid of CVE Updated docker base image to get rid of CVE-2026-24515 Feb 6, 2026
@mcollins-ttd

Should we update .trivyignore?

RSam25 commented Feb 6, 2026

Should we update .trivyignore?

Yeah didn't notice it was in trivyignore. Thanks for pointing it out. I have updated .trivyignore.

FROM eclipse-temurin@sha256:693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6

# Install necessary packages and set up virtual environment
RUN apk update && apk add --no-cache --upgrade libpng && apk add --no-cache jq python3 py3-pip && \
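
Review bot: The FROM line pins eclipse-temurin by digest alone, so nothing in the Dockerfile tells a reader which Temurin release this digest is or that it is the one carrying the libexpat fix. Consider writing it as eclipse-temurin:<tag>@sha256:<digest>, or adding a comment with the tag above it, so the next base-image bump can be reviewed without resolving the hash. On the RUN line, apk update ahead of apk add --no-cache is redundant, since --no-cache already fetches a fresh index and leaves no cache behind.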
Curious why are we removing --upgrade libpng && apk add --no-cache ?

@RSam25 RSam25 Feb 6, 2026

This was a temporary fix to a libpng CVE. The package has been updated by the base image.

@RSam25 RSam25 merged commit 8ea7713 into main Feb 8, 2026
9 checks passed
@RSam25 RSam25 deleted the srm-UID2-6553-fix-libexpat-cve branch February 8, 2026 22:13