Stale, vulnerable base image being used?

Hi, I noticed that current releases' images have a bazillion vulnerabilities. I looked a little closer and did a dev build which is using a base image that is built on a stale and unpatched debian 13:

│ ghcr.io/immich-app/base-server-dev:202508191104@sha256:0608857ef682099c458f0fb3- │  debian  │      6602       │    -    │
│ 19afdcaf09462bbb5670b6dcd3642029f12eee1c (debian 13.0)                           │          │                 │         │

│ ghcr.io/immich-app/base-server-dev:202508191104@sha256:0608857ef682099c458f0fb3- │  debian  │      6602       │    -    │
│ 19afdcaf09462bbb5670b6dcd3642029f12eee1c (debian 13.0)                           │          │                 │         │

(trivy)
I rebuilt the base image myself and all the vulns are gone. Is something stuck in your CI/CD so it's not building vs a recent patched base?

Immich•7mo ago•

50 replies

badcatwillum

Stale, vulnerable base image being used?

│ ghcr.io/immich-app/base-server-dev:202508191104@sha256:0608857ef682099c458f0fb3- │  debian  │      6602       │    -    │
│ 19afdcaf09462bbb5670b6dcd3642029f12eee1c (debian 13.0)                           │          │                 │         │

│ ghcr.io/immich-app/base-server-dev:202508191104@sha256:0608857ef682099c458f0fb3- │  debian  │      6602       │    -    │
│ 19afdcaf09462bbb5670b6dcd3642029f12eee1c (debian 13.0)                           │          │                 │         │

(trivy)
I rebuilt the base image myself and all the vulns are gone. Is something stuck in your CI/CD so it's not building vs a recent patched base?

Stale, vulnerable base image being used?

Similar Threads

Stale, vulnerable base image being used?

Similar Threads

Similar Threads

Similar Threads