Merge pull request #2455 from dbinfrago/build/guacamole-trivy

MoritzWeber0 · web-flow · commit 6469dbfcbc11 · 2025-08-12T14:01:56.000+02:00
build: Ignore irrelevant Guacamole CVEs
diff --git a/frontend/.trivyignore b/frontend/.trivyignore
@@ -8,3 +8,7 @@ CVE-2025-22869
 # https://avd.aquasec.com/nvd/2025/cve-2025-22874/
 # We don't use certificate validation in Caddy
 CVE-2025-22874
+
+# https://github.com/golang/go/issues/74831
+# Caddy doesn't use any database
+CVE-2025-47907
diff --git a/images/guacamole/.trivyignore b/images/guacamole/.trivyignore
@@ -6,3 +6,12 @@ CVE-2024-52046 exp:2025-09-01
 
 # Wait for 1.6.0
 CVE-2024-52316 exp:2025-09-01
+
+# Write is not enabled in default tomcat servlet
+CVE-2025-24813
+CVE-2024-50379
+
+# DoS attacks (ignored due to low risk; the application usually runs in isolated environments)
+CVE-2025-48988
+CVE-2024-34750
+CVE-2024-38286
