release: v0.2.4 — rebuild to clear libssh2 CVE-2026-55200 (PLAT-1259)#69
release: v0.2.4 — rebuild to clear libssh2 CVE-2026-55200 (PLAT-1259)#69lucasmundim wants to merge 3 commits into
Conversation
Cuts v0.2.4 to rebuild the image on the current python:3.12-slim base, clearing a CRITICAL container-image vulnerability SCC flagged on the deployed digest: libssh2 CVE-2026-55200 (CVSS 8.1, exploit available), an OS base-layer package. No application changes. Also ships the pending [Unreleased] startup/OpenAPI-fetch fix.
lmyers-ps
left a comment
There was a problem hiding this comment.
🔍 Automated Cloud Review: #69
Thank you for submitting this PR to rebuild the container image and clear the critical libssh2 vulnerability (CVE-2026-55200). It is highly proactive and clean!
We ran our suite of 8 parallel automated reviewers (best-practices, dry, error-handling, functionality, test-coverage, type-design, performance, security). Our findings are summarized below:
📊 Summary of Findings
- 🔴 BLOCKING (Critical): 0
- 🟡 IMPORTANT (Warning): 1
- 🟢 SUGGESTION (Info): 0
🛠️ Detailed Review Comments
🟡 IMPORTANT: Out-of-Sync Lockfile (uv.lock)
- Reviewers:
functionality - Location:
uv.lock:1594 - Description: The
pyproject.tomlversion has been bumped from0.2.3to0.2.4, but theuv.locklockfile was not updated in this PR and still references version0.2.3.
Current Code in uv.lock:
[[package]]
name = "openfilter-mcp"
version = "0.2.3"Recommended Fix:
[[package]]
name = "openfilter-mcp"
version = "0.2.4"Why this helps:
- In the Dockerfile,
uv sync --lockedis executed. Enforcing--lockedchecks that the lockfile is perfectly in sync with the project's configurations. Since the version is out-of-sync,--lockedmode will fail (falling back to an unlocked sync which is slower and non-deterministic). - In the Dockerfile.slim, the standard
uv syncwithout a fallback might fail or automatically alter the lockfile inside the ephemeral docker container, defeating lockfile reproducibility.
Automated Cloud Review
shingonoide
left a comment
There was a problem hiding this comment.
Thanks for turning this around quickly. One net-new point on determinism.
As written the release clears the CVE only if the floating python:3.12-slim base has already picked up the patched libssh2 when the image builds; nothing here pins or upgrades it. Upstream libssh2 has no release past 1.11.1, so the fix ships as a Debian package patch (on trixie the package is libssh2-1t64, currently 1.11.1-1+deb13u1), which means the base distro and its snapshot determine whether the CVE is actually cleared. To make the release deterministic, consider one of: apt-get install -y --only-upgrade libssh2-1 after apt-get update in Dockerfile.slim, pin the base image by digest, or add a post-build Trivy/grype gate that fails if CVE-2026-55200 is still present. Today the slim base resolves to trixie and does pull the fixed package, but that is a property of the current upstream image, not of this PR.
- Bump uv.lock openfilter-mcp 0.2.3 -> 0.2.4 so `uv sync --locked` stays reproducible (the version bump left it out of sync). Verified with `uv lock --check`. - Explicitly `apt-get --only-upgrade libssh2-1t64` in Dockerfile and Dockerfile.slim so CVE-2026-55200 is cleared deterministically instead of relying on the floating python:3.12-slim base already carrying the patch.
|
Good catch — fixed in the latest push. Bumped |
|
Agreed, made it deterministic — added |
lmyers-ps
left a comment
There was a problem hiding this comment.
🔍 Automated Cloud Review: #69 (Approved)
Fantastic work! All previous findings have been fully and robustly addressed. The package version for openfilter-mcp is now perfectly synchronized across pyproject.toml and uv.lock. Additionally, the explicit, deterministic package upgrade of libssh2-1t64 in the Dockerfiles is clean, robust, and correctly aligned with Debian Trixie standards.
We have approved this Pull Request.
📊 Summary of Findings
- 🔴 BLOCKING (Critical): 0
- 🟡 IMPORTANT (Warning): 0
- 🟢 SUGGESTION (Info): 1 (Documented below)
💡 Unposted Suggestions / Additional Notes
🟢 Align Security Patching for Dockerfile.gpu
- Reviewers:
security,best-practices - Location:
Dockerfile.gpu:21 - Description: While
DockerfileandDockerfile.slimnow deterministically patch thelibssh2vulnerability,Dockerfile.gpuremains unchanged. Since the GPU-enabled Docker stage is built ondebian:bookworm-slim(Debian 12), the library is namedlibssh2-1(notlibssh2-1t64). - Recommended Fix: Add a corresponding deterministic upgrade step for
libssh2-1insideDockerfile.gputo ensure complete parity across standard and GPU deployment artifacts:
RUN apt-get update && apt-get install -y git curl libgomp1 \
&& apt-get install -y --only-upgrade libssh2-1 \
&& rm -rf /var/lib/apt/lists/*Automated Cloud Review
Dockerfile and Dockerfile.slim already upgrade libssh2 explicitly; do the same in Dockerfile.gpu for parity. Its final stage is debian:bookworm-slim (Debian 12), where the package is libssh2-1 (not the trixie t64 name).
|
Good catch — applied the same fix to |
shingonoide
left a comment
There was a problem hiding this comment.
The trixie slim and Dockerfile fixes are correct and uv.lock is in sync. But the new Dockerfile.gpu step is a no-op on bookworm, so the full image still carries CVE-2026-55200. Detail inline.
| # debian:bookworm-slim (Debian 12), where the package is libssh2-1 (not the | ||
| # trixie t64 name used in Dockerfile/Dockerfile.slim). | ||
| RUN apt-get update && apt-get install -y git curl libgomp1 \ | ||
| && apt-get install -y --only-upgrade libssh2-1 \ |
There was a problem hiding this comment.
Verified live against debian:bookworm-slim: apt-cache policy libssh2-1 resolves to candidate 1.10.0-3+b1 from bookworm/main, and the Debian security tracker marks bookworm libssh2 (1.10.0-3) vulnerable with no fixed build in bookworm or bookworm-security (the fix is in trixie-security 1.11.1-1+deb13u1, DSA-6365-1). curl already pulls 1.10.0-3+b1 via libcurl4, so --only-upgrade libssh2-1 re-resolves to that same vulnerable build and changes nothing. This stage does not clear CVE-2026-55200, so the "deterministically clear" comment is not accurate here, and the public plainsightai/openfilter-mcp:latest full image built from this Dockerfile stays exposed. Real options: move this final stage to a trixie base (package becomes libssh2-1t64, fixed at 1.11.1-1+deb13u1, matching Dockerfile and Dockerfile.slim), build or pin a fixed libssh2 from source, or add a Trivy/grype gate that fails the build if the CVE persists.
What
Cut v0.2.4 — bumps
pyproject.toml(0.2.3 → 0.2.4) and RELEASE.md so theauto-tagworkflow rebuilds and publishes a fresh image.Why
The deployed
openfilter-mcpimage (from 2026-06-16) carries a CRITICAL container-image vulnerability flagged by SCC —libssh2CVE-2026-55200 (CVSS 8.1, exploit available), an OS base-layer package. The base is alreadypython:3.12-slim, so no code change is needed — a fresh build pulls the patchedlibssh2. This release triggers that rebuild. (PLAT-1259)This release also ships the pending
[Unreleased]change (startup/OpenAPI-fetch retry +/healthendpoint).Note
Clearing the OS-package CVE depends on CI pulling a fresh base image (ephemeral runners do; if a registry build-cache is used, ensure
--pull/ no stale base-layer cache) and on the upstreampython:3.12-slimtag carrying the patchedlibssh2. Confirm the new deployed digest reports 0 critical in SCC after release.