The `unleash-proxy:latest` Docker image contains vulnerable OpenSSL packages affected by CVE-2025-15467 (Critical severity).

[jakeybrown92]

Describe the bug

Current versions

• libcrypto3: 3.5.4-r0 (vulnerable)
• libssl3: 3.5.4-r0 (vulnerable)

Required versions

• libcrypto3: 3.5.5-r0+
• libssl3: 3.5.5-r0+

Fix

Rebuild the Docker image to pull updated Alpine packages. The Dockerfile already has apk upgrade, just needs a fresh build.

CVE Details

https://www.cve.org/CVERecord?id=CVE-2025-15467

Steps to reproduce the bug

No response

Expected behavior

No response

Logs, error output, etc.

Screenshots

No response

Additional context

No response

Unleash version

No response

Subscription type

None

Hosting type

None

SDK information (language and version)

No response

[gastonfournier]

We published 1.4.17 of the proxy. The docker image should also be updated with the latest node image we're using in Unleash. Please let us know if that solved the security vulnerability.

[jakeybrown92]

@gastonfournier Yes i already picked it up from this mornings docker rebuild. All looks good now. Thanks

apk list --installed | grep openssl
libcrypto3-3.5.5-r0 x86_64 {openssl} (Apache-2.0) [installed]
libssl3-3.5.5-r0 x86_64 {openssl} (Apache-2.0) [installed]