OpenTranscribe v0.2.1 - Security Patch Release
We're releasing OpenTranscribe v0.2.1, a security patch that addresses critical vulnerabilities identified in our container images. All users are encouraged to update.
Why This Update Matters
As part of our commitment to security, we regularly scan our Docker images using industry-standard tools (Trivy, Grype). Our latest scans identified 4 critical CVEs in the base images that required immediate attention.
What's Fixed
Critical Vulnerabilities Resolved (4 → 0)
| CVE | Package | Severity | Status |
|---|---|---|---|
| CVE-2025-47917 | libmbedcrypto | CRITICAL | Fixed |
| CVE-2023-6879 | libaom3 | CRITICAL | Fixed |
| CVE-2025-7458 | libsqlite3 | CRITICAL | Fixed |
| CVE-2023-45853 | zlib | CRITICAL | Fixed |
Container Updates
Frontend:
- Upgraded from nginx:1.29.3-alpine3.22 to nginx:1.29.4-alpine3.23
- Fixed 6 vulnerabilities (3 HIGH, 3 MEDIUM) in libpng and busybox
- Added HEALTHCHECK for better container orchestration
Backend:
- Upgraded from python:3.12-slim-bookworm to python:3.13-slim-trixie
- Moved from Debian 12 to Debian 13 "trixie" (released August 2025)
- Python updated from 3.12 to 3.13
- Added HEALTHCHECK for better container orchestration
How to Update
Docker Compose Users
# Pull latest images
docker compose pull
# Restart services
docker compose up -d
Manual Docker Users
docker pull davidamacey/opentranscribe-frontend:v0.2.1
docker pull davidamacey/opentranscribe-backend:v0.2.1
Known Remaining Issues
Some vulnerabilities remain unfixable as they have no upstream patches available:
- Frontend: 3 tiff CVEs (no Alpine fix available)
- Backend: FFmpeg CVE-2025-9951 (no Debian fix, low risk - only used for audio extraction)
These are tracked and will be addressed when upstream fixes become available.
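The split between fixed and still-open findings described above can be reproduced from a Trivy JSON report. The following is an added example, not OpenTranscribe's own tooling: the report content, CVE IDs, package names and the `triage`/`gate` helpers are constructed for illustration, and only the `Results`, `Vulnerabilities` and `FixedVersion` field names follow Trivy's JSON output.

```python
import json

# Constructed sample shaped like `trivy image --format json` output.
# IDs, packages and versions are placeholders, not real scan results.
SAMPLE_REPORT = json.dumps({"Results": [
    {"Target": "example-image (debian)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libexample",
         "Severity": "CRITICAL", "FixedVersion": "2.0"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libmedia",
         "Severity": "CRITICAL"},                      # no fix, documented
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libother",
         "Severity": "CRITICAL", "FixedVersion": ""},  # no fix, undocumented
        {"VulnerabilityID": "CVE-0000-0004", "PkgName": "libminor",
         "Severity": "MEDIUM", "FixedVersion": "1.1"},  # below threshold
    ]},
    {"Target": "app/requirements.txt"},  # clean targets omit the list
]})


def triage(report_json, tracked_unfixed, block_on=("CRITICAL",)):
    """Return (fixable, tracked, untracked) findings at blocking severity."""
    fixable, tracked, untracked = [], [], []
    for result in json.loads(report_json).get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("Severity") not in block_on:
                continue
            item = (vuln["VulnerabilityID"], vuln["PkgName"])
            if vuln.get("FixedVersion"):      # a patched package exists
                fixable.append(item)
            elif item[0] in tracked_unfixed:  # accepted and documented
                tracked.append(item)
            else:                             # needs a decision
                untracked.append(item)
    return fixable, tracked, untracked


def gate(report_json, tracked_unfixed):
    """Pass only when nothing fixable or undocumented remains."""
    fixable, _, untracked = triage(report_json, tracked_unfixed)
    return not fixable and not untracked


if __name__ == "__main__":
    fixable, tracked, untracked = triage(SAMPLE_REPORT, {"CVE-0000-0002"})
    print("fix before release:", fixable)
    print("tracked, no upstream fix:", tracked)
    print("undocumented, no upstream fix:", untracked)
```

A finding with an empty or missing `FixedVersion` cannot be resolved by rebuilding on a newer base image, so the gate requires it to appear in the documented list instead of failing the build indefinitely.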
Our Security Commitment
OpenTranscribe takes security seriously. We:
- Run automated security scans on every build
- Monitor CVE databases for new vulnerabilities
- Release patches promptly when critical issues are identified
- Document all security-related changes transparently
If you discover a security issue, please report it via our GitHub Security Advisory page.
Full Changelog
See the complete CHANGELOG for all details.
Thank you for using OpenTranscribe. Your security is our priority.
