stack

Files

Jason Woltje dce975bf4e fix(#363 ): Update OpenBao image to fix CRITICAL CVE-2025-68121 + 4 HIGH CVEs

Pin OpenBao base image from unpinned :2 tag to :2.5.0 (latest stable,
released 2026-02-04) in both the Dockerfile and the dev docker-compose.

CVEs resolved:
- CVE-2025-68121 (CRITICAL): Go stdlib crypto/tls session resumption
- CVE-2024-8185 (HIGH): DoS via Raft join requests
- CVE-2024-9180 (HIGH): Root namespace privilege escalation
- CVE-2025-59043 (HIGH): DoS via malicious JSON
- CVE-2025-64761 (HIGH): Identity group root escalation

All fixed in OpenBao >= 2.4.4; v2.5.0 includes all patches plus new
features (horizontal read scalability, OCI plugin distribution).

Files changed:
- docker/openbao/Dockerfile: FROM tag 2 -> 2.5.0
- docker/docker-compose.yml: openbao + openbao-init image tags 2 -> 2.5.0

The production/swarm compose files use the custom-built
git.mosaicstack.dev/mosaic/stack-openbao image which is built FROM
this Dockerfile, so they inherit the fix on next CI build.

Fixes #363

2026-02-12 12:36:08 -06:00

openbao

fix(#363 ): Update OpenBao image to fix CRITICAL CVE-2025-68121 + 4 HIGH CVEs

2026-02-12 12:36:08 -06:00

postgres

fix(#181 ): Update Alpine packages to patch Go stdlib vulnerabilities in postgres image

2026-02-01 20:54:57 -06:00

traefik

feat(#37-41): Add domains, ideas, relationships, agents, widgets schema

2026-01-29 12:29:21 -06:00

DOCKER-COMPOSE-GUIDE.md

docs(swarm): comprehensive Docker Swarm deployment documentation