From 4b8242d54f3846261c50db866b4f9d29febe9eff Mon Sep 17 00:00:00 2001
From: Ashley Smith
Date: Wed, 10 Dec 2025 13:43:23 -0700
Subject: [PATCH 1/3] fix libpng vulnerability for docker

---
 Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/Dockerfile b/Dockerfile
index 83972c87..2441fdf8 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,9 @@
 # sha from https://hub.docker.com/layers/library/eclipse-temurin/21.0.8_9-jre-alpine-3.22/images/sha256-3408c45e1faee20e4e68808939a75f87efa469b927d20e12309689ead053daba
 FROM eclipse-temurin@sha256:4ca7eff3ab0ef9b41f5fefa35efaeda9ed8d26e161e1192473b24b3a6c348aef
+# Fix CVE-2025-66293: Update libpng from 1.6.47-r0 to 1.6.53-r0
+RUN apk upgrade --no-cache libpng
+
 WORKDIR /app
 EXPOSE 8089
From 1c6b75040db30ecf2940002aa89d31895fd2e96e Mon Sep 17 00:00:00 2001
From: Ashley Smith
Date: Thu, 11 Dec 2025 11:13:00 -0700
Subject: [PATCH 2/3] trivy ignore for now

---
 .trivyignore | 2 ++
 Dockerfile | 3 ---
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/.trivyignore b/.trivyignore
index 6c245bda..80cd0bbc 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -19,3 +19,5 @@ CVE-2025-64720 exp:2026-06-05
 # UID2-6340
 CVE-2025-65018 exp:2026-06-05
+# libpng vulnerability in base image - accepted risk
+CVE-2025-66293
diff --git a/Dockerfile b/Dockerfile
index 2441fdf8..83972c87 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,6 @@
 # sha from https://hub.docker.com/layers/library/eclipse-temurin/21.0.8_9-jre-alpine-3.22/images/sha256-3408c45e1faee20e4e68808939a75f87efa469b927d20e12309689ead053daba
 FROM eclipse-temurin@sha256:4ca7eff3ab0ef9b41f5fefa35efaeda9ed8d26e161e1192473b24b3a6c348aef
-# Fix CVE-2025-66293: Update libpng from 1.6.47-r0 to 1.6.53-r0
-RUN apk upgrade --no-cache libpng
-
 WORKDIR /app
 EXPOSE 8089
From b6f72189527825cd9dcad823f14ad13237669174 Mon Sep 17 00:00:00 2001
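Review bot: The added `RUN apk upgrade --no-cache libpng` in the Dockerfile hunk of patch 1/3 does not enforce the version its comment promises. It installs whatever libpng the configured Alpine repositories offer at build time, so the build still succeeds if that is older than 1.6.53-r0. The base image is pinned by digest, which leaves this as the one step in the visible lines whose result can differ between builds. Stating the floor in the command, `RUN apk add --no-cache 'libpng>=1.6.53-r0'`, should make the build fail instead of shipping the old package; confirm the behaviour with the apk version in this image. Patch 2/3 later removes this step.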
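Review bot: The new `CVE-2025-66293` entry in the `.trivyignore` hunk of patch 2/3 silences the scanner in the same commit that removes the `apk upgrade` step from the Dockerfile. The image presumably goes back to the libpng shipped in the pinned base digest (1.6.47-r0 according to the removed comment), with no finding reported. Neither the commit subject ("trivy ignore for now") nor the added comment says why the upgrade was dropped or what makes the risk acceptable, for instance whether the service decodes PNG input at all. I would record that next to the entry, e.g. `# libpng in base image; upgrade step reverted because <reason>; exposure: <assessment>`.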
From: Ashley Smith
Date: Thu, 11 Dec 2025 11:15:29 -0700
Subject: [PATCH 3/3] updated with ticket number

---
 .trivyignore | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.trivyignore b/.trivyignore
index 80cd0bbc..bba3f335 100644
--- a/.trivyignore
+++ b/.trivyignore
@@ -19,5 +19,5 @@ CVE-2025-64720 exp:2026-06-05
 # UID2-6340
 CVE-2025-65018 exp:2026-06-05
-# libpng vulnerability in base image - accepted risk
-CVE-2025-66293
+# UID2-6385
+CVE-2025-66293 exp:2026-06-15
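Review bot: The replacement comment `# UID2-6385` drops the only text that said what is being ignored, so a reader of `.trivyignore` now needs ticket access to learn that this entry covers libpng in the base image. Keeping both on one line would fix that: `# UID2-6385: libpng in base image, revisit when the eclipse-temurin digest is bumped`. The neighbouring `# UID2-6340` entry uses the same ticket-only form, so this is a style point for the file as a whole and not only for this line.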