github mattrobinsonsre/terrapod v0.23.5
on GitHub

5 hours ago

Security patch.

Security

  • CVE-2026-27135 (nghttp2 HTTP/2 DoS) — Debian 13 shipped a fix as libnghttp2-14 1.64.0-1.1+deb13u1. The api / listener / migrations images run apt-get upgrade -y but the build layer was cached from before the patched package was published, so rebuilt images still carried the vulnerable 1.64.0-1.1. Added a dated APT_REFRESH build-arg to the three Debian Dockerfiles (mirroring the runner image's existing APK_REFRESH) so the apt layer is invalidated and the security patch is pulled. Verified clean with trivy image.

Status

Beta — drop-in upgrade from v0.23.x. No code or API changes; image-only.

Full Changelog: v0.23.4...v0.23.5

Check out latest releases or
releases around mattrobinsonsre/terrapod v0.23.5

Don't miss a new terrapod release

NewReleases is sending notifications on new releases.

Get notifications