Webui Dockerfile: multi-stage build, upgrade to AlmaLinux 10 + Node.js 24 #490
Description
A Docker Scout scan of the webui image revealed 7 HIGH and 26 MEDIUM CVEs. 24 of the MEDIUM findings are a single perl CVE (CVE-2023-47038) reported across 24 sub-packages.
Investigation showed the perl CVE is a false positive since AlmaLinux already ships the backported fix in perl-libs-5.32.1-481.1.el9_6 — but perl and git remain in the runtime image unnecessarily, increasing attack surface and image size.
Additionally, the image uses AlmaLinux 9 (Python 3.9, requiring a setuptools downgrade workaround) and Node.js 20 (entering maintenance April 2026).