e0a39518ba
Migrated all Docker stages from Alpine 3.23 to Debian Trixie (13) to address critical CVE in Alpine's gosu package and improve security update frequency. Key changes: Updated CADDY_IMAGE to debian:trixie-slim Added gosu-builder stage to compile gosu 1.17 from source with Go 1.25.6 Migrated all builder stages to golang:1.25-trixie Updated package manager from apk to apt-get Updated user/group creation to use groupadd/useradd Changed nologin path from /sbin/nologin to /usr/sbin/nologin Security impact: Resolved gosu Critical CVE (built from source eliminates vulnerable Go stdlib) Reduced overall CVE count from 6 (bookworm) to 2 (trixie) Remaining 2 CVEs are glibc-related with no upstream fix available All Go binaries verified vulnerability-free by Trivy and govulncheck Verification: E2E tests: 243 passed (5 pre-existing failures unrelated to migration) Backend coverage: 87.2% Frontend coverage: 85.89% Pre-commit hooks: 13/13 passed TypeScript: 0 errors Refs: CVE-2026-0861 (glibc, no upstream fix - accepted risk)
Implementation Documentation Archive
This directory contains archived implementation documentation and historical records of feature development in Charon.
Purpose
These documents serve as historical references for:
- Feature implementation details and decisions
- Migration summaries and upgrade paths
- Investigation reports and debugging sessions
- Phase completion records
Document Index
Documents will be organized here after migration from the project root:
| Document | Description |
|---|---|
AGENT_SKILLS_MIGRATION_SUMMARY.md |
Agent skills system migration details |
BULK_ACL_FEATURE.md |
Bulk ACL feature implementation |
I18N_IMPLEMENTATION_SUMMARY.md |
Internationalization implementation |
IMPLEMENTATION_SUMMARY.md |
General implementation summary |
INVESTIGATION_SUMMARY.md |
Investigation and debugging records |
ISSUE_16_ACL_IMPLEMENTATION.md |
Issue #16 ACL implementation details |
PHASE_*_COMPLETE.md |
Phase completion documentation |
QA_*.md |
QA audit and verification reports |
SECURITY_*.md |
Security implementation records |
WEBSOCKET_FIX_SUMMARY.md |
WebSocket fix implementation |
Note
These are historical implementation records. For current documentation, refer to:
/docs/- Main documentation/README.md- Project overview/CONTRIBUTING.md- Contribution guidelines/CHANGELOG.md- Version history