Commit 2671b22
authored
chore: bump version to 1.0.0-rc.3 (#237)
## Summary
- Bump version to `1.0.0-rc.3`
- Switch Dockerfile base images from `eclipse-temurin:25-{jdk,jre}`
(Ubuntu 26.04/Resolute) to `eclipse-temurin:25-{jdk,jre}-noble` (Ubuntu
24.04 LTS/Noble) to eliminate 11 pebble CVEs (6 High, 5 Medium)
## Background
`eclipse-temurin:25-*` now defaults to Ubuntu 26.04 (Resolute Raccoon),
which ships `/usr/bin/pebble` — Canonical's container service manager
compiled with Go 1.26.2. This binary carried 11 stdlib CVEs all fixed in
Go 1.26.3. Since we override `ENTRYPOINT` directly, pebble serves no
purpose and is just dead weight with a CVE surface. The `-noble`
variants (Ubuntu 24.04 LTS) do not include pebble.
Addresses: CVE-2026-39820, CVE-2026-42499, CVE-2026-33814,
CVE-2026-33811, CVE-2026-39836, CVE-2026-42501, CVE-2026-39817,
CVE-2026-39826, CVE-2026-39823, CVE-2026-39825, CVE-2026-39819
🤖 Generated with [Claude Code](https://claude.ai/claude-code)2 files changed
Lines changed: 3 additions & 3 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
3 | 3 | | |
4 | | - | |
| 4 | + | |
5 | 5 | | |
6 | 6 | | |
7 | 7 | | |
| |||
56 | 56 | | |
57 | 57 | | |
58 | 58 | | |
59 | | - | |
| 59 | + | |
60 | 60 | | |
61 | 61 | | |
62 | 62 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
79 | 79 | | |
80 | 80 | | |
81 | 81 | | |
82 | | - | |
| 82 | + | |
83 | 83 | | |
84 | 84 | | |
85 | 85 | | |
| |||
0 commit comments