From 067e1015dd1d4cefae899e30cf1247727eab70aa Mon Sep 17 00:00:00 2001
From: Jason Woltje <jason@diversecanvas.com>
Date: Sat, 28 Feb 2026 20:47:51 -0600
Subject: [PATCH] =?UTF-8?q?fix:=20bump=20openbao=20base=20image=202.5.0?=
 =?UTF-8?q?=E2=86=922.5.1=20(CVE-2026-24051)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

go.opentelemetry.io/otel/sdk v1.39.0 had PATH hijacking vulnerability.
Fixed in otel/sdk v1.40.0, included in openbao 2.5.1.
---
 docker/openbao/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker/openbao/Dockerfile b/docker/openbao/Dockerfile
index e89fc08..a24a332 100644
--- a/docker/openbao/Dockerfile
+++ b/docker/openbao/Dockerfile
@@ -1,4 +1,4 @@
-FROM quay.io/openbao/openbao:2.5.0
+FROM quay.io/openbao/openbao:2.5.1
 
 LABEL maintainer="Mosaic Stack <dev@mosaic.local>"
 LABEL description="OpenBao secrets management for Mosaic Stack"
-- 
2.49.1