Skip to content

fix: upgrade pgbouncer alpine base image to address CVE-2025-1094 #926

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 2 commits into from
Closed

fix: upgrade pgbouncer alpine base image to address CVE-2025-1094 #926

wants to merge 2 commits into from

Conversation

@Dashing-Nelson
Copy link

@Dashing-Nelson Dashing-Nelson commented Jun 11, 2025
edited
Loading

What issues does your PR fix?

What does your PR do?

This PR upgrades the PGBouncer Alpine base image from 3.19 to 3.20 to address CVE-2025-1094 security vulnerability. The changes include:

  • Updated Dockerfile to use Alpine 3.20 in both builder and runtime stages
  • Incremented patch version from 1.22.1 to 1.22.1-patch.1
  • Added changelog entry documenting the security fix
  • Verified the updated image builds successfully

Checklist

For all Pull Requests

  • Commits are signed off
  • Commits have semantic messages
  • Documentation updated (CHANGELOG.md)
  • Passes ct linting

For releasing ONLY

  • Chart.yaml version bumped (VERSION file updated)
  • CHANGELOG.md updated

@Dashing-Nelson Dashing-Nelson mentioned this pull request Jun 11, 2025
Closed
4 tasks
@Dashing-Nelson
Update CHANGELOG.md
63aca2b 
Signed-off-by: Nelson Alfonso <[email protected]>
@stale
Copy link

stale bot commented Aug 21, 2025

This issue has been automatically marked as stale because it has not had activity in 60 days.
It will be closed in 7 days if no further activity occurs.

Thank you for your contributions.

Issues never become stale if any of the following is true:

  1. they are added to a Project
  2. they are added to a Milestone
  3. they have the lifecycle/frozen label

@stale stale bot added the lifecycle/stale lifecycle - this is stale label Aug 21, 2025
@stale stale bot closed this Sep 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thesuperzapper thesuperzapper Awaiting requested review from thesuperzapper thesuperzapper is a code owner

Assignees

No one assigned

Labels

lifecycle/stale lifecycle - this is stale

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

update PGBouncer image with latest alpine base image

1 participant

@Dashing-Nelson