v1.6.1 contains sqlite-libs (3.48.0-r2) CVE-2025-6965 #1500
Description
Current Issue
The current image contains a CVE finding since mid of July, see https://nvd.nist.gov/vuln/detail/CVE-2025-6965 for reference.
Could you please release a new version with updated packages?
Further considerations
And out of interest: Why are the controllers built on top of an alpine distribution with dozens of packages. Most of them I suspect will not be used at all. I think it it would be a good security improvement to avoid having any unused dependencies inside the image.
Could changing the base image something you would consider for the flux2 project?
Best regards, Luis