Can you confirm/deny the docker image is being built with the updated binaries?
[trivy] Trivy scan complete: 0 critical, 4 high, 15 medium, 0 low
Scan complete: 4 critical, 23 high, 47 medium, 1 low
83 VULNERABILITIES FOUND
CVE Severity Package Version Fixed
G CVE-2026-6722 critical php84 8.4.16-r0 —
G CVE-2026-7261 critical php84 8.4.16-r0 —
G CVE-2025-14179 critical php84 8.4.16-r0 —
G CVE-2026-6104 critical php84 8.4.16-r0 —
G GHSA-3rg7-wf37-54rm high symfony/http-foundation v7.3.1 7.3.7
G GHSA-vvj3-c3rp-c85p high phpunit/phpunit 10.5.47 10.5.62
G CVE-2026-7262 high php84 8.4.16-r0 —
G CVE-2026-32631 high git 2.49.1-r0 —
G CVE-2026-6473 high libpq 17.9-r0 17.10-r0
G CVE-2026-6479 high libpq 17.9-r0 17.10-r0
G CVE-2026-6475 high libpq 17.9-r0 17.10-r0
G CVE-2026-7568 high php84 8.4.16-r0 —
G CVE-2026-7263 high php84 8.4.16-r0 —
G CVE-2025-70873 high sqlite-libs 3.49.2-r1 —
G CVE-2026-6477 high libpq 17.9-r0 17.10-r0
G CVE-2026-6637 high libpq 17.9-r0 17.10-r0
G CVE-2026-6476 high libpq 17.9-r0 17.10-r0
G CVE-2026-3805 high curl 8.14.1-r2 —
G CVE-2026-6638 high libpq 17.9-r0 17.10-r0
G CVE-2026-5773 high curl 8.14.1-r2 —
G CVE-2026-6276 high curl 8.14.1-r2 —
G CVE-2026-7258 high php84 8.4.16-r0 —
G GHSA-27qh-8cxx-2cr5 high aws/aws-sdk-php 3.349.3 3.371.4
T CVE-2026-6638 high libpq 17.9-r0 17.10-r0
T GHSA-27qh-8cxx-2cr5 high aws/aws-sdk-php 3.349.3 3.371.4
T CVE-2026-24765 high phpunit/phpunit 10.5.47 12.5.8, 8.5.52, 9.6.33, 10.5.62, 11.5.50
T CVE-2025-64500 high symfony/http-foundation v7.3.1 6.2.0, 7.3.0, 7.3.7, 5.4.50, 6.1.0, 5.4.0, 7.2.0, 6.3.0, 6.4.29, 7.1.0, 3.0.0, 4.0.0, 5.1.0, 5.2.0, 5.3.0, 5.0.0, 6.4.0
G CVE-2026-6478 medium libpq 17.9-r0 17.10-r0
G CVE-2026-1965 medium curl 8.14.1-r2 —
G CVE-2026-7168 medium curl 8.14.1-r2 —
G CVE-2016-2781 medium coreutils 9.7-r1 —
G CVE-2016-2781 medium coreutils-env 9.7-r1 —
G CVE-2016-2781 medium coreutils-fmt 9.7-r1 —
G CVE-2016-2781 medium coreutils-sha512sum 9.7-r1 —
G GHSA-22wq-q86m-83fh medium enshrined/svg-sanitize 0.21.0 0.22.0
G CVE-2025-14819 medium curl 8.14.1-r2 —
G CVE-2025-60876 medium busybox 1.37.0-r20 —
G CVE-2025-60876 medium busybox-binsh 1.37.0-r20 —
G CVE-2025-60876 medium ssl_client 1.37.0-r20 —
G CVE-2026-5545 medium curl 8.14.1-r2 —
G CVE-2025-15079 medium curl 8.14.1-r2 —
G CVE-2026-7259 medium php84 8.4.16-r0 —
G CVE-2026-6253 medium curl 8.14.1-r2 —
G CVE-2025-14524 medium curl 8.14.1-r2 —
G CVE-2026-6735 medium php84 8.4.16-r0 —
G CVE-2026-6472 medium libpq 17.9-r0 17.10-r0
G CVE-2026-6474 medium libpq 17.9-r0 17.10-r0
G CVE-2026-6429 medium curl 8.14.1-r2 —
G CVE-2026-3784 medium curl 8.14.1-r2 —
G CVE-2026-3783 medium curl 8.14.1-r2 —
...and 33 more
Can you confirm/deny the docker image is being built with the updated binaries?
[trivy] Trivy scan complete: 0 critical, 4 high, 15 medium, 0 low
Scan complete: 4 critical, 23 high, 47 medium, 1 low
83 VULNERABILITIES FOUND
CVE Severity Package Version Fixed
G CVE-2026-6722 critical php84 8.4.16-r0 —
G CVE-2026-7261 critical php84 8.4.16-r0 —
G CVE-2025-14179 critical php84 8.4.16-r0 —
G CVE-2026-6104 critical php84 8.4.16-r0 —
G GHSA-3rg7-wf37-54rm high symfony/http-foundation v7.3.1 7.3.7
G GHSA-vvj3-c3rp-c85p high phpunit/phpunit 10.5.47 10.5.62
G CVE-2026-7262 high php84 8.4.16-r0 —
G CVE-2026-32631 high git 2.49.1-r0 —
G CVE-2026-6473 high libpq 17.9-r0 17.10-r0
G CVE-2026-6479 high libpq 17.9-r0 17.10-r0
G CVE-2026-6475 high libpq 17.9-r0 17.10-r0
G CVE-2026-7568 high php84 8.4.16-r0 —
G CVE-2026-7263 high php84 8.4.16-r0 —
G CVE-2025-70873 high sqlite-libs 3.49.2-r1 —
G CVE-2026-6477 high libpq 17.9-r0 17.10-r0
G CVE-2026-6637 high libpq 17.9-r0 17.10-r0
G CVE-2026-6476 high libpq 17.9-r0 17.10-r0
G CVE-2026-3805 high curl 8.14.1-r2 —
G CVE-2026-6638 high libpq 17.9-r0 17.10-r0
G CVE-2026-5773 high curl 8.14.1-r2 —
G CVE-2026-6276 high curl 8.14.1-r2 —
G CVE-2026-7258 high php84 8.4.16-r0 —
G GHSA-27qh-8cxx-2cr5 high aws/aws-sdk-php 3.349.3 3.371.4
T CVE-2026-6638 high libpq 17.9-r0 17.10-r0
T GHSA-27qh-8cxx-2cr5 high aws/aws-sdk-php 3.349.3 3.371.4
T CVE-2026-24765 high phpunit/phpunit 10.5.47 12.5.8, 8.5.52, 9.6.33, 10.5.62, 11.5.50
T CVE-2025-64500 high symfony/http-foundation v7.3.1 6.2.0, 7.3.0, 7.3.7, 5.4.50, 6.1.0, 5.4.0, 7.2.0, 6.3.0, 6.4.29, 7.1.0, 3.0.0, 4.0.0, 5.1.0, 5.2.0, 5.3.0, 5.0.0, 6.4.0
G CVE-2026-6478 medium libpq 17.9-r0 17.10-r0
G CVE-2026-1965 medium curl 8.14.1-r2 —
G CVE-2026-7168 medium curl 8.14.1-r2 —
G CVE-2016-2781 medium coreutils 9.7-r1 —
G CVE-2016-2781 medium coreutils-env 9.7-r1 —
G CVE-2016-2781 medium coreutils-fmt 9.7-r1 —
G CVE-2016-2781 medium coreutils-sha512sum 9.7-r1 —
G GHSA-22wq-q86m-83fh medium enshrined/svg-sanitize 0.21.0 0.22.0
G CVE-2025-14819 medium curl 8.14.1-r2 —
G CVE-2025-60876 medium busybox 1.37.0-r20 —
G CVE-2025-60876 medium busybox-binsh 1.37.0-r20 —
G CVE-2025-60876 medium ssl_client 1.37.0-r20 —
G CVE-2026-5545 medium curl 8.14.1-r2 —
G CVE-2025-15079 medium curl 8.14.1-r2 —
G CVE-2026-7259 medium php84 8.4.16-r0 —
G CVE-2026-6253 medium curl 8.14.1-r2 —
G CVE-2025-14524 medium curl 8.14.1-r2 —
G CVE-2026-6735 medium php84 8.4.16-r0 —
G CVE-2026-6472 medium libpq 17.9-r0 17.10-r0
G CVE-2026-6474 medium libpq 17.9-r0 17.10-r0
G CVE-2026-6429 medium curl 8.14.1-r2 —
G CVE-2026-3784 medium curl 8.14.1-r2 —
G CVE-2026-3783 medium curl 8.14.1-r2 —
...and 33 more