Skip to content

Commit 3d4259d

Browse files
fix(agent): upgrade libnghttp2-14 and remove stale .trivyignore
- Add apt-get upgrade for libnghttp2-14 (fixes CVE-2026-27135, HTTP/2 DoS via malformed frames after session termination) - Remove stale CVE-2026-33671 from .trivyignore (no longer detected; was suppressing nothing) - Trivy now passes with zero HIGH/CRITICAL findings and an empty .trivyignore file Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 3b0fc19 commit 3d4259d

2 files changed

Lines changed: 2 additions & 1 deletion

File tree

agent/.trivyignore

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +0,0 @@
1-
CVE-2026-33671

agent/Dockerfile

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,8 @@ RUN apt-get update && \
2626
build-essential \
2727
ca-certificates \
2828
gnupg && \
29+
# Upgrade base image's CVE-2026-27135 vulnerability
30+
apt-get upgrade -y --no-install-recommends libnghttp2-14 && \
2931
# Cleanup early to keep peak disk usage low during builds.
3032
apt-get clean && \
3133
rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/*

0 commit comments

Comments
 (0)