
fix(agent): upgrade libnghttp2-14 (CVE-2026-27135) and clear stale .trivyignore #101

Merged
scottschreckengaust merged 2 commits into main from fix/trivy-libnghttp2
May 15, 2026

@scottschreckengaust
Contributor

Summary

  • Upgrades libnghttp2-14 from 1.64.0-1.1 to 1.64.0-1.1+deb13u1 in the agent Dockerfile, fixing CVE-2026-27135 (HTTP/2 DoS via malformed frames after session termination)
  • Removes stale CVE-2026-33671 from .trivyignore — this CVE is no longer detected in the image and was suppressing nothing
  • Result: zero HIGH/CRITICAL findings in Trivy with an empty .trivyignore

What changed

| File | Change |
| --- | --- |
| agent/Dockerfile | Added apt-get upgrade -y --no-install-recommends libnghttp2-14 after system dep install |
| agent/.trivyignore | Cleared (was CVE-2026-33671, no longer relevant) |

Verification

$ trivy image --scanners vuln --ignore-unfixed --severity HIGH,CRITICAL bgagent-trivy-test:latest
Legend:
- '-': Not scanned
- '0': Clean (no security findings detected)

All scanners report 0 findings. No suppressions needed.

Test plan

  • Docker image builds successfully
  • Trivy passes with zero HIGH/CRITICAL, no .trivyignore entries
  • Pre-commit hooks pass
  • CI build (agent quality + image scan)

🤖 Generated with Claude Code

- Add apt-get upgrade for libnghttp2-14 (fixes CVE-2026-27135, HTTP/2
  DoS via malformed frames after session termination)
- Remove stale CVE-2026-33671 from .trivyignore (no longer detected;
  was suppressing nothing)
- Trivy now passes with zero HIGH/CRITICAL findings and an empty
  .trivyignore file

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@scottschreckengaust scottschreckengaust marked this pull request as ready for review May 15, 2026 19:28
@scottschreckengaust scottschreckengaust requested a review from a team as a code owner May 15, 2026 19:28
@scottschreckengaust scottschreckengaust added this pull request to the merge queue May 15, 2026
Merged via the queue into main with commit 883a1c6 May 15, 2026
7 checks passed
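
Added example (not part of this pull request or the project's code): one way to catch a stale .trivyignore entry like the one removed here is to compare the ignore file against a Trivy JSON report from a scan that did not apply it. The sample report and ignore file are constructed for illustration, reusing the CVE IDs and package versions named in the summary; the function names are hypothetical.

```python
import json

# Constructed sample: Trivy JSON report from a scan run WITHOUT the ignore file,
# taken before the libnghttp2-14 upgrade. Only the fields used below are shown.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "bgagent-trivy-test:latest", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-2026-27135", "PkgName": "libnghttp2-14",
         "InstalledVersion": "1.64.0-1.1",
         "FixedVersion": "1.64.0-1.1+deb13u1"}]},
    {"Target": "constructed/requirements.txt"},  # clean target: key is absent
]})

# Constructed sample .trivyignore: one ID per line, optional exp:YYYY-MM-DD.
SAMPLE_IGNORE = """\
# suppressions under review
CVE-2026-33671
CVE-2026-27135 exp:2026-06-01
"""

def parse_trivyignore(text):
    """Return the finding IDs listed in a .trivyignore file, in file order."""
    ids = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            ids.append(line.split()[0])  # drop a trailing exp:... field
    return ids

def detected_ids(report_json):
    """Collect every VulnerabilityID present in a Trivy JSON report."""
    report = json.loads(report_json)
    return {vuln["VulnerabilityID"]
            for result in report.get("Results") or []
            for vuln in result.get("Vulnerabilities") or []}

def audit_ignore_file(ignore_text, report_json):
    """Split ignore entries into (stale, active) against the unsuppressed scan."""
    found = detected_ids(report_json)
    ignored = parse_trivyignore(ignore_text)
    stale = [i for i in ignored if i not in found]   # suppressing nothing
    active = [i for i in ignored if i in found]      # still hiding a finding
    return stale, active

if __name__ == "__main__":
    stale, active = audit_ignore_file(SAMPLE_IGNORE, SAMPLE_REPORT)
    print("stale entries (suppress nothing):", stale)
    print("entries still hiding a finding:", active)
```

The report should come from a scan with the same severity and fix-status filters as the CI scan, otherwise an entry can look active or stale for the wrong reason.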