fix: upgrade vllm CPU build from v0.15.0 to v0.15.1 (#294)

MikeSpreitzer · claude · web-flow · commit 02f2e7965d48 · 2026-02-27T18:20:36.000-05:00
Addresses CVE-2025-69223 (aiohttp) and CVE-2026-0994 (protobuf) patched in the v0.15.1 security release of vllm. Closes #284 Signed-off-by: Mike Spreitzer <mspreitz@us.ibm.com> Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
diff --git a/dockerfiles/Dockerfile.launcher.cpu b/dockerfiles/Dockerfile.launcher.cpu
@@ -2,7 +2,7 @@
 # Supports both arm64 and amd64 architectures
 
 ARG TARGETARCH
-ARG VLLM_VERSION=v0.15.0
+ARG VLLM_VERSION=v0.15.1
 
 # Define base images for each architecture
 FROM public.ecr.aws/q9t5s3a7/vllm-arm64-cpu-release-repo:${VLLM_VERSION} AS base-arm64
diff --git a/docs/upstream-versions.md b/docs/upstream-versions.md
@@ -13,5 +13,5 @@
 | **k8s.io/client-go** | `v0.34.0` | tag | `go.mod` line 9 | [kubernetes/client-go](https://github.com/kubernetes/client-go) |
 | **sigs.k8s.io/controller-runtime** | `v0.22.1` | tag | `go.mod` line 12 | [kubernetes-sigs/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) |
 | **vllm/vllm-openai** | `v0.10.2` | tag | `cmd/requester/README.md` | [vllm-project/vllm](https://github.com/vllm-project/vllm) |
-| **vllm (CPU build)** | `v0.15.0` | tag | `dockerfiles/Dockerfile.launcher.cpu` | [vllm-project/vllm](https://github.com/vllm-project/vllm) |
+| **vllm (CPU build)** | `v0.15.1` | tag | `dockerfiles/Dockerfile.launcher.cpu` | [vllm-project/vllm](https://github.com/vllm-project/vllm) |
 | **nvidia/cuda** | `12.8.0-base-ubuntu22.04` | tag | `dockerfiles/Dockerfile.requester` | [NVIDIA CUDA](https://hub.docker.com/r/nvidia/cuda) |
