Objective
The Trivy container scan added in #156/#171 is working correctly and currently fails on every PR — but nobody has fixed what it's finding yet, so it's effectively a permanent red X contributors learn to ignore. Confirmed on #172's CI run that these findings are real and unrelated to that PR's changes.
Findings (from the current image scan)
transformers 4.57.6 — CVE-2026-4372, HuggingFace transformers remote code execution, fixed in 5.3.0. Pulled in transitively via sentence-transformers in requirements.txt. This is the one worth prioritising — RCE in a dependency that's already in the API image.
zlib1g 1:1.2.13.dfsg-1 — CVE-2023-45853, CRITICAL, base OS package, marked will_not_fix upstream (Debian) — likely needs a newer base image, not a package bump.
util-linux / util-linux-extra — CVE-2026-53615, base OS package.
jaraco.context 5.3.0 — CVE-2026-23949, path traversal via malicious tar archives, fixed in 6.1.0.
wheel 0.45.1 — CVE-2026-24049, fixed in 0.46.2.
Scope
Category
Infrastructure / Security
Objective
The Trivy container scan added in #156/#171 is working correctly and currently fails on every PR — but nobody has fixed what it's finding yet, so it's effectively a permanent red X contributors learn to ignore. Confirmed on #172's CI run that these findings are real and unrelated to that PR's changes.
Findings (from the current image scan)
transformers4.57.6 — CVE-2026-4372, HuggingFace transformers remote code execution, fixed in 5.3.0. Pulled in transitively viasentence-transformersin requirements.txt. This is the one worth prioritising — RCE in a dependency that's already in the API image.zlib1g1:1.2.13.dfsg-1 — CVE-2023-45853, CRITICAL, base OS package, markedwill_not_fixupstream (Debian) — likely needs a newer base image, not a package bump.util-linux/util-linux-extra— CVE-2026-53615, base OS package.jaraco.context5.3.0 — CVE-2026-23949, path traversal via malicious tar archives, fixed in 6.1.0.wheel0.45.1 — CVE-2026-24049, fixed in 0.46.2.Scope
sentence-transformers/transformersto a version pulling intransformers>=5.3.0; confirm the RAG pipeline (ai/embed.py,ai/retriever.py) still works against the bumped versionjaraco.context,wheelpins (or their parent packages) past the fixed versionszlib1g,util-linux), evaluate moving to a newerpython:3.11-slimbase or an explicitapt-get upgradelayer, since the Debian package is marked won't-fix at the pinned versionCategory
Infrastructure / Security