github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-06 10:58:17 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[GH-ISSUE #12284] feat: move base image of openwebui to fix vulnerabilities #32061

New Issue
Closed
opened 2026-04-25 05:56:59 -05:00 by GiteaMirror · 8 comments
GiteaMirror commented 2026-04-25 05:56:59 -05:00
Owner
Copy Link

Originally created by @thenicekat on GitHub (Apr 1, 2025).
Original GitHub issue: https://github.com/open-webui/open-webui/issues/12284

Check Existing Issues

  • I have searched the existing issues and discussions.

Problem Description

Openwebui currently uses python3.11-slim-bookworm as the base image which brings with itself quite a lot of vulnerabilities. Is there any plan on fixing these?

Ref: https://hub.docker.com/layers/library/python/3.11-slim-bookworm/images/sha256-55a4707a91d43b6397215a57b818d2822e66c27fd973bb82eb71b7512c15a4da

Desired Solution you'd like

Can we possibly move to a better base image or maybe move to a distroless image. I would be glad to help you out here.

Alternatives Considered

No response

Additional Context

No response

Originally created by @thenicekat on GitHub (Apr 1, 2025). Original GitHub issue: https://github.com/open-webui/open-webui/issues/12284 ### Check Existing Issues - [x] I have searched the existing issues and discussions. ### Problem Description Openwebui currently uses python3.11-slim-bookworm as the base image which brings with itself quite a lot of vulnerabilities. Is there any plan on fixing these? Ref: https://hub.docker.com/layers/library/python/3.11-slim-bookworm/images/sha256-55a4707a91d43b6397215a57b818d2822e66c27fd973bb82eb71b7512c15a4da ### Desired Solution you'd like Can we possibly move to a better base image or maybe move to a distroless image. I would be glad to help you out here. ### Alternatives Considered _No response_ ### Additional Context _No response_
GiteaMirror commented 2026-04-25 05:57:00 -05:00
Author
Owner
Copy Link

@gaby commented on GitHub (Apr 5, 2025):

@thenicekat If you add the platform filter, you will see it only has 1 critical CVE. The image for py3.12 has none.

<!-- gh-comment-id:2780747507 --> @gaby commented on GitHub (Apr 5, 2025): @thenicekat If you add the platform filter, you will see it only has 1 critical CVE. The image for py3.12 has none.
GiteaMirror commented 2026-04-25 05:57:00 -05:00
Author
Owner
Copy Link

@gaby commented on GitHub (Apr 5, 2025):

Distroless doesnt have things like a shell, which Open-WebUI relies on. It would also not allow users to exec into the container.

<!-- gh-comment-id:2780748733 --> @gaby commented on GitHub (Apr 5, 2025): Distroless doesnt have things like a shell, which Open-WebUI relies on. It would also not allow users to exec into the container.
GiteaMirror commented 2026-04-25 05:57:01 -05:00
Author
Owner
Copy Link

@gaby commented on GitHub (Apr 6, 2025):

@tjbck I can submit a PR to bump the Docker base image to python3.12-slim-bookworm if that's OK with you. It will solve several of these issues from the base image.

<!-- gh-comment-id:2781691453 --> @gaby commented on GitHub (Apr 6, 2025): @tjbck I can submit a PR to bump the Docker base image to `python3.12-slim-bookworm` if that's OK with you. It will solve several of these issues from the base image.
GiteaMirror commented 2026-04-25 05:57:01 -05:00
Author
Owner
Copy Link

@tjbck commented on GitHub (Apr 6, 2025):

3.12 should also work out of the box, PR welcome!

<!-- gh-comment-id:2781695276 --> @tjbck commented on GitHub (Apr 6, 2025): 3.12 should also work out of the box, PR welcome!
GiteaMirror commented 2026-04-25 05:57:02 -05:00
Author
Owner
Copy Link

@gaby commented on GitHub (Apr 6, 2025):

PR submitted.

<!-- gh-comment-id:2781697182 --> @gaby commented on GitHub (Apr 6, 2025): PR submitted.
GiteaMirror commented 2026-04-25 05:57:03 -05:00
Author
Owner
Copy Link

@thenicekat commented on GitHub (Apr 7, 2025):

Thank you.

<!-- gh-comment-id:2781941049 --> @thenicekat commented on GitHub (Apr 7, 2025): Thank you.
GiteaMirror commented 2026-04-25 05:57:05 -05:00
Author
Owner
Copy Link

@Azzeo commented on GitHub (May 2, 2025):

This PR was reverted:

reverting due to arm64/linux cuda build failure.

Can this be looked at again?

<!-- gh-comment-id:2848143292 --> @Azzeo commented on GitHub (May 2, 2025): This PR was reverted: > reverting due to arm64/linux cuda build failure. Can this be looked at again?
GiteaMirror commented 2026-04-25 05:57:06 -05:00
Author
Owner
Copy Link

@thenicekat commented on GitHub (May 6, 2025):

@tjbck can we open this issue atleast to keep track of upgrading the base image?

<!-- gh-comment-id:2853360298 --> @thenicekat commented on GitHub (May 6, 2025): @tjbck can we open this issue atleast to keep track of upgrading the base image?
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#32061
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?