From 9fa12ff616b8d81fe10353ca8a4beac80b6c290c Mon Sep 17 00:00:00 2001
From: Gero Posmyk-Leinemann <gero@gitpod.io>
Date: Mon, 9 Mar 2026 10:16:34 +0000
Subject: [PATCH] Bump proxy base image to caddy/caddy:2.11.2-alpine

Same fix as the other Caddy-based images (dashboard, ide-proxy) from

Together with the existing apk upgrade --no-cache, this resolves
CVE-2026-22184 (zlib 1.3.1-r2 -> 1.3.2-r0).

Co-authored-by: Ona <no-reply@ona.com>
---
 components/proxy/Dockerfile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/proxy/Dockerfile b/components/proxy/Dockerfile
index 33c0f5549d2d5d..9cfa1035853444 100644
--- a/components/proxy/Dockerfile
+++ b/components/proxy/Dockerfile
@@ -9,7 +9,7 @@ WORKDIR /plugins
 COPY plugins /plugins
 
 # build caddy
-RUN xcaddy build v2.11.1 \
+RUN xcaddy build v2.11.2 \
   --output /caddy \
   --with github.com/gitpod-io/gitpod/proxy/plugins/corsorigin=/plugins/corsorigin \
   --with github.com/gitpod-io/gitpod/proxy/plugins/secwebsocketkey=/plugins/secwebsocketkey \
@@ -22,7 +22,7 @@ RUN xcaddy build v2.11.1 \
   --with github.com/gitpod-io/gitpod/proxy/plugins/sshtunnel=/plugins/sshtunnel \
   --with github.com/gitpod-io/gitpod/proxy/plugins/frontend_dev=/plugins/frontend_dev
 
-FROM caddy/caddy:2.11-alpine
+FROM caddy/caddy:2.11.2-alpine
 
 # Ensure latest packages are present, like security updates.
 RUN apk upgrade --no-cache \