tetrate-ci opened a new pull request, #260:
URL: https://github.com/apache/skywalking-satellite/pull/260

   ## Summary
   
   Fix multiple CVEs in the Docker image by updating the build toolchain and runtime OpenSSL libraries:
   
   | CVE | Severity | Package | Fix |
   |-----|----------|---------|-----|
   | CVE-2026-45447 | HIGH | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-45445 | MEDIUM | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-34182 | MEDIUM | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-42769 | MEDIUM | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-34181 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-34183 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-42768 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-42764 | MEDIUM | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-45446 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-7383 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-42770 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-34180 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-42767 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-9076 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-42766 | LOW | openssl (Alpine) | libssl3/libcrypto3 ≥ 3.5.7-r0 |
   | CVE-2026-42504 | HIGH | Go stdlib | golang:1.26.4 |
   | CVE-2026-27145 | MEDIUM | Go stdlib | golang:1.26.4 |
   | CVE-2026-42507 | MEDIUM | Go stdlib | golang:1.26.4 |
   
   ## Changes
   
   - `docker/Dockerfile`: Bump build base image `golang:1.26.3` → `golang:1.26.4`
   - `docker/Dockerfile`: Bump minimum OpenSSL library versions `libssl3>=3.3.7-r0` → `libssl3>=3.5.7-r0` and `libcrypto3>=3.3.7-r0` → `libcrypto3>=3.5.7-r0`
   
   ## Verification
   
   Local trivy scan of the rebuilt image shows 0 CVEs (alpine OS: 0, gobinary: 0).
   
   /cc @kezhenxu94


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
