From 20ea759cfc3b6be08ae9c7398dc563230bce9438 Mon Sep 17 00:00:00 2001
From: CarlosFelipeOR <carlosfelipeor@gmail.com>
Date: Wed, 17 Jun 2026 20:40:10 -0300
Subject: [PATCH] Upgrade libssl3 in Ubuntu server image

Signed-off-by: CarlosFelipeOR <carlosfelipeor@gmail.com>
---
 docker/server/Dockerfile.ubuntu | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docker/server/Dockerfile.ubuntu b/docker/server/Dockerfile.ubuntu
index 0b627318901d..f6845b023919 100644
--- a/docker/server/Dockerfile.ubuntu
+++ b/docker/server/Dockerfile.ubuntu
@@ -8,6 +8,7 @@ ARG DEBIAN_FRONTEND=noninteractive
 ARG apt_archive="http://archive.ubuntu.com"
 
 # We shouldn't use `apt upgrade` to not change the upstream image. It's updated biweekly
+# Exception: targeted --only-upgrade for libssl3 to address CVE without a general upgrade.
 
 # user/group precreated explicitly with fixed uid/gid on purpose.
 # It is especially important for rootless containers: in that case entrypoint
@@ -25,6 +26,7 @@ RUN sed -i "s|http://archive.ubuntu.com|${apt_archive}|g" /etc/apt/sources.list
         locales \
         tzdata \
         wget \
+    && apt-get install --yes --only-upgrade libssl3 \
     && busybox --install -s \
     && rm -rf /var/lib/apt/lists/* /var/cache/debconf /tmp/*