Commit c893c39
UID2-7335: upgrade libexpat (expat) to patch CVE-2026-45186
Adds the Alpine expat package to the apk --no-cache --upgrade step so
libexpat is bumped to 2.8.1-r0 at build time, clearing the HIGH-severity
DoS-via-crafted-XML finding (CVE-2026-45186). Bumping the pinned base
image SHA is insufficient: the latest 21-jre-alpine-3.23 image still
ships libexpat 2.7.4-r0.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>1 parent a783b19 commit c893c39
1 file changed
Lines changed: 1 addition & 1 deletion
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
16 | 16 | | |
17 | 17 | | |
18 | 18 | | |
19 | | - | |
| 19 | + | |
20 | 20 | | |
21 | 21 | | |
22 | 22 | | |
| |||
0 commit comments