From 7771d83e5f1e5e01e1f28aedafd11b895e79d539 Mon Sep 17 00:00:00 2001
From: Rene Pfeuffer <rene.pfeuffer@cloudogu.com>
Date: Wed, 11 Mar 2026 09:39:48 +0000
Subject: [PATCH] Update zlib in alpine docker image

This prevents a (false positive) finding for CVE-2026-22184
with high severity by Trivy.
---
 gradle/changelog/zlib.yaml             | 2 ++
 scm-packaging/docker/Dockerfile.alpine | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 gradle/changelog/zlib.yaml

diff --git a/gradle/changelog/zlib.yaml b/gradle/changelog/zlib.yaml
new file mode 100644
index 0000000000..4a0ddc9184
--- /dev/null
+++ b/gradle/changelog/zlib.yaml
@@ -0,0 +1,2 @@
+- type: fixed
+  description: Update zlib library in alpine base image for docker to avoid CVE-2026-22184
diff --git a/scm-packaging/docker/Dockerfile.alpine b/scm-packaging/docker/Dockerfile.alpine
index 7bb773093e..cf3f2740b6 100644
--- a/scm-packaging/docker/Dockerfile.alpine
+++ b/scm-packaging/docker/Dockerfile.alpine
@@ -27,7 +27,6 @@ RUN set -x \
     --compress=2 \
     --output /javaruntime
 
-
 # ---
 
 # SCM-Manager runtime
@@ -45,6 +44,7 @@ COPY build/docker/opt /opt
 RUN set -x \
  # ttf-dejavu graphviz are required for the plantuml plugin
  && apk add --no-cache ttf-dejavu graphviz mercurial bash ca-certificates \
+ && apk add --no-cache --upgrade zlib \
  && adduser -S -s /bin/false -h ${SCM_HOME} -D -H -u 1000 -G root scm \
  && mkdir -p ${SCM_HOME} ${CACHE_DIR} \
  && chmod +x /opt/scm-server/bin/scm-server \