Skip to content

Commit 84777cf

Browse files
amckinleyclaude
andauthored
build: bump Node to 24.18 for June 2026 security releases (#354)
The June 18 2026 Node.js security releases fix several HIGH/MEDIUM CVEs on the 24.x line, with 24.17.0 as the first patched release. The service images were pinned to 24.15, below that line. Bump to 24.18-alpine3.23 (latest 24.x) to pick up the fixes, including: - CVE-2026-48618 (HIGH) TLS wildcard-depth auth bypass - CVE-2026-48933 (HIGH) WebCrypto AES integer overflow crash - CVE-2026-48928/48930/48934 (MEDIUM) TLS/SNI identity verification bypasses - CVE-2026-48619 (MEDIUM) unbounded HTTP/2 memory growth via ORIGIN frames Advisory: https://nodejs.org/en/blog/vulnerability/june-2026-security-releases Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent 6511fcb commit 84777cf

1 file changed

Lines changed: 2 additions & 2 deletions

File tree

Dockerfile

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
# NOTE there is an additional build stage below that should match
2-
FROM node:24.15-alpine3.23 AS build
2+
FROM node:24.18-alpine3.23 AS build
33

44
RUN corepack enable
55

@@ -17,7 +17,7 @@ RUN corepack prepare --activate
1717
RUN pnpm install --production --frozen-lockfile > /dev/null
1818

1919
# Uses assets from build stage to reduce build size
20-
FROM node:24.15-alpine3.23
20+
FROM node:24.18-alpine3.23
2121

2222
RUN apk add --update dumb-init
2323

0 commit comments

Comments
 (0)