Temporal docker image Vulnerabilities

Please help us with a docker image without the below vulnerabilities. I have raised issues as well.


We see the below components of the server:v1.28.0 image have some vulnerabilities.

alpine://3.22:libcrypto3:3.5.0-r0 - CVE-2025-4575
go://go.temporal.io/server:1.18.1-0.20230217005328-b313b7f58641 - CVE-2023-3485
go://go.temporal.io/api:1.18.1 - CVE-2025-1243
go://golang.org/x/net:0.34.0 - CVE-2025-22870
go://github.com/golang/go:1.24.1 - CVE-2025-4673
go://google.golang.org/grpc:1.56.3 - CVE-2024-7246
go://go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc:0.36.4 - CVE-2023-47108
go://golang.org/x/crypto:0.32.0 - CVE-2025-22869
go://golang.org/x/oauth2:0.7.0 - CVE-2025-22868
go://github.com/golang-jwt/jwt/v4:4.5.1 - CVE-2025-30204


We see the below components of the ui:v2.39.0 image have some vulnerabilities.

alpine://3.21:c-ares:1.34.3-r0 - CVE-2025-31498
alpine://3.21:curl:8.12.1-r0 - CVE-2025-4947
alpine://3.21:brotli-libs:1.1.0-r2 - CVE-2020-36846
alpine://3.21:libcrypto3:3.3.3-r0 - CVE-2025-4575
go://github.com/golang/go:1.23.4 - CVE-2024-45341
go://golang.org/x/net:0.34.0 - CVE-2025-4673
go://github.com/golang/go:1.23.6 - CVE-2025-4673
go://golang.org/x/crypto:0.32.0 - CVE-2025-22869
go://google.golang.org/grpc:1.66.0 - CVE-2024-11407

Please help in expediting the same as we need to plan our remediation plans accordingly.

I’m working with Temporal on similar issues with the UI and admin docker images. One of the suggestions is to create the docker image directly from source. The script below may help.

https://github.com/temporalio/docker-builds/blob/main/docker/auto-setup.sh