fix: update libexpat and binutils to address CVE-2024-8176 and CVE-2025-0840

jpicklyk · claude · jpicklyk · commit a1a6659a1f64 · 2025-06-16T13:05:52.000-04:00
- Update libexpat to fix CVE-2024-8176 (CVSS 7.5) - Update binutils to fix CVE-2025-0840 (CVSS 6.3) - Explicitly upgrade vulnerable packages during runtime image build 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/Dockerfile b/Dockerfile
@@ -25,6 +25,9 @@ RUN ./gradlew build --no-daemon
 # Runtime stage
 FROM eclipse-temurin:23-jdk-alpine
 
+# Update packages to fix CVEs: CVE-2024-8176 (libexpat) and CVE-2025-0840 (binutils)
+RUN apk update && apk upgrade libexpat binutils
+
 WORKDIR /app
 
 # Copy the built JAR from the builder stage
