UID2-6864: Upgrade libpng to fix CVE-2026-33416 and CVE-2026-33636

BehnamMozafari · claude · BehnamMozafari · commit e05a280a6a94 · 2026-04-01T18:47:29.000+11:00
Add apk upgrade libpng to Dockerfile and Azure CC Dockerfile to
upgrade from 1.6.54-r0 to 1.6.56-r0. GCP Dockerfile already had
the upgrade in place.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,9 @@
 # sha from https://hub.docker.com/layers/library/eclipse-temurin/21-jre-alpine-3.23/images/sha256-693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6
 FROM eclipse-temurin@sha256:693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6
 
+# Upgrade libpng to fix CVE-2026-33416 and CVE-2026-33636
+RUN apk upgrade --no-cache libpng
+
 # For Amazon Corretto Crypto Provider
 RUN apk add --no-cache gcompat
 
diff --git a/scripts/azure-cc/Dockerfile b/scripts/azure-cc/Dockerfile
@@ -2,7 +2,7 @@
 FROM eclipse-temurin@sha256:693c22ea458d62395bac47a2da405d0d18c77b205211ceec4846a550a37684b6
 
 # Install necessary packages and set up virtual environment
-RUN apk update && apk add --no-cache jq python3 py3-pip && \
+RUN apk update && apk add --no-cache --upgrade libpng && apk add --no-cache jq python3 py3-pip && \
     python3 -m venv /venv && \
     . /venv/bin/activate && \
     pip install --no-cache-dir requests azure-identity azure-keyvault-secrets && \
