From 919e7cbfb538b0d2cce290bd7821986e796638b5 Mon Sep 17 00:00:00 2001
From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com>
Date: Fri, 27 Feb 2026 10:22:08 +0000
Subject: [PATCH] fix(security): container autofix for gotenberg-fulll

---
 build/Dockerfile | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/build/Dockerfile b/build/Dockerfile
index 4aeaff32..907c7046 100644
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -56,7 +56,10 @@ RUN go build -o gotenberg -ldflags "-s -w -X 'github.com/gotenberg/gotenberg/v8/
 # Custom JRE stage
 # Credits: https://github.com/jodconverter/docker-image-jodconverter-runtime
 # ----------------------------------------------
-FROM debian:13-slim AS custom-jre-stage
+FROM debian:13-slim@sha256:1d3c811171a08a5adaa4a163fbafd96b61b87aa871bbc7aa15431ac275d3d430 AS custom-jre-stage
+
+# Setting DOCKERFILE_DATE forces a build cache refresh for the package upgrades
+ENV DOCKERFILE_DATE=2026-02-26
 
 RUN \
 apt-get update -qq &&\
@@ -78,7 +81,7 @@ RUN jlink \
 # ----------------------------------------------
 # Base image stage
 # ----------------------------------------------
-FROM debian:13-slim AS base-image-stage
+FROM debian:13-slim@sha256:1d3c811171a08a5adaa4a163fbafd96b61b87aa871bbc7aa15431ac275d3d430 AS base-image-stage
 
 ARG TIMEZONE=UTC
 ENV TZ=$TIMEZONE
@@ -108,6 +111,9 @@ LABEL org.opencontainers.image.title="Gotenberg" \
 org.opencontainers.image.documentation="https://gotenberg.dev" \
 org.opencontainers.image.source="https://github.com/gotenberg/gotenberg"
 
+# Setting DOCKERFILE_DATE forces a build cache refresh for the package upgrades
+ENV DOCKERFILE_DATE=2026-02-26
+
 RUN \
 # Create a non-root user.
 # All processes in the Docker container will run with this dedicated user.
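Review bot: The digest added to `FROM debian:13-slim@sha256:… AS custom-jre-stage` is written out a second time in the `base-image-stage` FROM of the next hunk, so a later bump can update one stage and leave the other on an older Debian snapshot. Declaring it once, `ARG DEBIAN_IMAGE=debian:13-slim@sha256:<digest>` ahead of the first FROM (outside this hunk), and using `FROM ${DEBIAN_IMAGE} AS custom-jre-stage` in both places keeps the two stages on the same base. With the pin in place the base layers no longer follow the `13-slim` tag, so patched base packages only arrive when the digest is bumped; that needs an owner or an automated updater. If the image is built for more than one platform, confirm the digest is that of the multi-arch index rather than a single-platform manifest; the patch does not show which it is.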
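Review bot: `ENV DOCKERFILE_DATE=2026-02-26` in `base-image-stage` is only a build-time cache key, but ENV writes it into the image configuration, so every container derived from this stage carries the variable at run time. `ARG DOCKERFILE_DATE=2026-02-26` stays out of the runtime environment, and per the Dockerfile reference the RUN instructions that follow an ARG still miss the cache when its value changes. The same ENV line is added to `custom-jre-stage` in the first hunk and should change with it. The comment promises package upgrades, yet the RUN that follows opens with creating a non-root user and continues past the end of the hunk, so whether any upgrade command actually runs cannot be confirmed from here; the comment should name the command the date is meant to re-run.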