diff --git a/Dockerfile.lambda b/Dockerfile.lambda
index b50936d..370ccf6 100644
--- a/Dockerfile.lambda
+++ b/Dockerfile.lambda
@@ -28,6 +28,16 @@ RUN --mount=from=uv,source=/uv,target=/bin/uv \
 
 FROM public.ecr.aws/lambda/python:3.14
 
+# Patch OS-level vulnerabilities (openssl, aws-lambda-rie).
+# fix CVE-2026-2673.
+RUN dnf upgrade -y openssl-libs openssl-fips-provider-latest && \
+    dnf clean all && \
+    rm -rf /var/cache/dnf
+
+# Update aws-lambda-rie to latest release to fix CVE-2026-32280.
+ADD https://github.com/aws/aws-lambda-runtime-interface-emulator/releases/latest/download/aws-lambda-rie-x86_64 /usr/local/bin/aws-lambda-rie
+RUN chmod 755 /usr/local/bin/aws-lambda-rie
+
 # Copy the runtime dependencies from the builder stage.
 COPY --from=builder ${LAMBDA_TASK_ROOT} ${LAMBDA_TASK_ROOT}
 
diff --git a/pyproject.toml b/pyproject.toml
index 0d1e9fc..7ee2d74 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "drillapi"
-version = "0.1.2"
+version = "0.1.12"
 description = "drillapi"
 authors = [{name = "SFOE", email = "geoinformation@bfe.admin.ch"}]
 readme = "README.md"