Describe the bug
Even the latest chart version, 4.35.10, is based on a relatively old version of the Alpine image, 3.0.8, which includes the libssl-related vulnerability CVE-2025-15467.
To Reproduce
Steps to reproduce the behavior:
- Well, you can either scan the deployed container with any security scanner.
- Or you can run the following command
docker run --rm public.ecr.aws/docker/library/haproxy:3.0.8-alpine apk info -vv | grep ssl
to check the actual versions of the libssl libraries, and then check the CVE details here
Expected behavior
The container should have this vulnerability fixed
Additional context
There are newer versions of Alpine Linux which already have this CVE fixed, for example this one (to stick with the current minor version): public.ecr.aws/docker/library/haproxy:3.0.18-alpine. I have already scanned it and it has 3.5.5-r0, which is the fixed version according to the Alpine webpage.
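The version check from the reproduction steps can be scripted so that it gives a pass/fail result in CI; this is an added example, not part of the original issue or the chart. The function names are hypothetical, the sample outputs are constructed, and 3.5.5-r0 is the fixed version quoted in the issue. Alpine publishes fixed versions per release branch, so pass the value that applies to the image's own branch.

```shell
#!/bin/sh
# Added example, not from the chart or the issue: judge libssl/libcrypto versions
# from `apk info -vv` output against a fixed version supplied by the caller.

# ver_lt A B: succeed when apk version A is older than B. Handles only the
# numeric dotted form with an -rN release suffix, e.g. 3.5.5-r0.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, pa, /-r/); split(b, pb, /-r/)
        na = split(pa[1], x, /[.]/); nb = split(pb[1], y, /[.]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit !(pa[2] + 0 < pb[2] + 0)   # same upstream version: compare -rN
    }'
}

# check_openssl FIXED: read `apk info -vv` lines on stdin, report each
# libsslN/libcryptoN package, return 1 if any is older than FIXED.
check_openssl() {
    fixed="$1"; bad=0
    while read -r pkg rest; do
        case "$pkg" in
            libssl[0-9]*|libcrypto[0-9]*) ;;
            *) continue ;;   # e.g. ssl_client, which `grep ssl` also matches
        esac
        name=${pkg%%-*}; ver=${pkg#*-}   # libssl3-3.5.5-r0 -> libssl3, 3.5.5-r0
        if ver_lt "$ver" "$fixed"; then
            echo "$name $ver OUTDATED (older than $fixed)"; bad=1
        else
            echo "$name $ver OK"
        fi
    done
    return "$bad"
}

# Constructed sample inputs (not captured from the real images).
SAMPLE_OLD='libcrypto3-3.3.2-r0 - Crypto library from openssl
libssl3-3.3.2-r0 - SSL shared libraries
ssl_client-1.36.1-r29 - EXternal ssl_client for busybox wget'
SAMPLE_NEW='libcrypto3-3.5.5-r0 - Crypto library from openssl
libssl3-3.5.5-r0 - SSL shared libraries'

# Real use, with the command from the issue:
#   docker run --rm public.ecr.aws/docker/library/haproxy:3.0.8-alpine apk info -vv | check_openssl 3.5.5-r0
printf '%s\n' "$SAMPLE_OLD" | check_openssl 3.5.5-r0 || true
```
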