Multiple CVEs

[hurradieweltgehtunter]

Trivy reports multiple CVEs in libs:

Package	CVE/ID	Severity	Version	Fixed
libecpg	CVE-2025-12818	HIGH	17.6-r0	17.7-r0
libecpg-dev	CVE-2025-12818	HIGH	17.6-r0	17.7-r0
libpq	CVE-2025-12818	HIGH	17.6-r0	17.7-r0
libpq-dev	CVE-2025-12818	HIGH	17.6-r0	17.7-r0
postgresql17-dev	CVE-2025-12818	HIGH	17.6-r0	17.7-r0

Is an upgraded/fixed version planned?
Thx in advance

[lazespo]

Hi @hurradieweltgehtunter,

When a new version of EspoCRM is released, a new version of its Docker image will be released, and then these CVEs will also be corrected.

[hurradieweltgehtunter]

There are more CVEs:

libpng CVE-2025-64720 HIGH 1.6.47-r 1.6.51-r
libpng CVE-2025-65018 HIGH 1.6.47-r 1.6.51-r
libpng-dev CVE-2025-64720 HIGH 1.6.47-r 1.6.51-r
libpng-dev CVE-2025-65018 HIGH 1.6.47-r 1.6.51-r
busybox CVE-2024-58251 MEDIUM 1.37.0-r 1.37.0-r
busybox-binsh CVE-2024-58251 MEDIUM 1.37.0-r 1.37.0-r
libpng CVE-2025-64505 MEDIUM 1.6.47-r 1.6.51-r
libpng CVE-2025-64506 MEDIUM 1.6.47-r 1.6.51-r
libpng-dev CVE-2025-64505 MEDIUM 1.6.47-r 1.6.51-r
libpng-dev CVE-2025-64506 MEDIUM 1.6.47-r 1.6.51-r
ssl_client CVE-2024-58251 MEDIUM 1.37.0-r 1.37.0-r
busybox CVE-2025-46394 LOW 1.37.0-r 1.37.0-r
busybox-binsh CVE-2025-46394 LOW 1.37.0-r 1.37.0-r
ssl_client CVE-2025-46394 LOW 1.37.0-r 1.37.0-r

Regarding our production system this is getting critical.