tetrate-ci opened a new pull request, #260: URL: https://github.com/apache/skywalking-satellite/pull/260
## Summary

Fix multiple CVEs in the Docker image by updating the build toolchain and runtime OpenSSL libraries:

| CVE | Severity | Package | Fix |
|-----|----------|---------|-----|
| CVE-2026-45447 | HIGH | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-45445 | MEDIUM | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-34182 | MEDIUM | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-42769 | MEDIUM | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-34181 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-34183 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-42768 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-42764 | MEDIUM | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-45446 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-7383 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-42770 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-34180 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-42767 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-9076 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-42766 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
| CVE-2026-42504 | HIGH | Go stdlib | golang:1.26.4 |
| CVE-2026-27145 | MEDIUM | Go stdlib | golang:1.26.4 |
| CVE-2026-42507 | MEDIUM | Go stdlib | golang:1.26.4 |

## Changes

- `docker/Dockerfile`: Bump build base image `golang:1.26.3` → `golang:1.26.4`
- `docker/Dockerfile`: Bump minimum OpenSSL library versions `libssl3>=3.3.7-r0` → `libssl3>=3.5.7-r0` and `libcrypto3>=3.3.7-r0` → `libcrypto3>=3.5.7-r0`

## Verification

Local trivy scan of the rebuilt image shows 0 CVEs (alpine OS: 0, gobinary: 0).

/cc @kezhenxu94

--
This is an automated message from the Apache Git Service.
