
fix(docker): add apt-get upgrade to address security vulnerabilities #1154

Merged: usmansaleem merged 4 commits into Consensys:master from usmansaleem:docker_image_lib_upgrades on Jan 20, 2026

@usmansaleem (Collaborator) commented Jan 20, 2026

PR Description

Include apt-get upgrade -y in the base image setup to ensure all
packages receive security updates. This addresses CVE-2025-68973
in gpgv and other potential vulnerabilities in the base image.

Fixed Issue(s)

Documentation

  • I thought about documentation and added the doc-change-required label to this PR if updates are required.

Changelog

  • I thought about adding a changelog entry, and added one if I deemed necessary.

Testing

  • I thought about testing these changes in a realistic/non-local environment.

Note

Improves container security by ensuring base image packages are fully patched during build and documenting the change.

  • docker/Dockerfile: adds apt-get upgrade -y to apply all available security updates during build; retains minimal deps and non-root web3signer user
  • CHANGELOG.md: new Security notes highlighting mitigation for CVE-2025-68973 in gpgv and that images now apply all security updates during build

Written by Cursor Bugbot for commit a6cd012.

@joshuafernandes (Contributor) left a comment

LGTM

@usmansaleem usmansaleem merged commit d8ea31d into Consensys:master Jan 20, 2026
8 checks passed
@github-actions github-actions bot locked and limited conversation to collaborators Jan 20, 2026
@usmansaleem usmansaleem deleted the docker_image_lib_upgrades branch January 20, 2026 01:07
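
An image built with `apt-get upgrade -y` is only as current as its last build, so the following added example (not code from this PR or the project) shows a check that reports packages apt would still upgrade and treats a watched package such as gpgv as a harder failure. The function names, the `<image>` placeholder and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the PR): report packages apt would still upgrade.
# Feed it the output of `apt-get -s upgrade` (simulation; nothing is changed), e.g.
#   docker run --rm --user root --entrypoint sh <image> \
#     -c 'apt-get update -qq && apt-get -s upgrade' | check_image_patched gpgv

# Print "name installed candidate" for each "Inst pkg [old] (new origin [arch])" line.
# Fresh installs carry no [old] field and are skipped.
pending_upgrades() {
    awk '$1 == "Inst" && $3 ~ /^\[.*\]$/ {
        print $2, substr($3, 2, length($3) - 2), substr($4, 2)
    }'
}

# Return 0 if nothing is pending, 1 if upgrades are pending,
# 2 if a watched package (space-separated list in $1) is among them.
check_image_patched() {
    watched=" $1 "
    report=$(pending_upgrades)
    [ -z "$report" ] && return 0
    status=1
    while read -r name old new; do
        case "$watched" in
            *" $name "*) echo "WATCHED $name: $old -> $new" >&2; status=2 ;;
            *) echo "pending $name: $old -> $new" >&2 ;;
        esac
    done <<EOF
$report
EOF
    return "$status"
}

# Constructed sample output; package versions and origin are placeholders.
SAMPLE_STALE='Reading package lists...
Calculating upgrade...
The following packages will be upgraded:
  gpgv libssl3
Inst gpgv [0.0.1-1] (0.0.2-1 Example-Security:stable-security [amd64])
Inst libssl3 [1.0.0-1] (1.0.1-1 Example-Security:stable-security [amd64])
Conf gpgv (0.0.2-1 Example-Security:stable-security [amd64])
Conf libssl3 (1.0.1-1 Example-Security:stable-security [amd64])'
SAMPLE_CLEAN='Reading package lists...
Calculating upgrade...
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.'

printf '%s\n' "$SAMPLE_STALE" | pending_upgrades
```

Run on a schedule against published tags, a non-zero exit signals that the image needs a rebuild to pick up the pending updates.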