For development, I have a single image per project tagged “dev” running locally in WSL that I overwrite over and over again.

For real builds, I use pipelines on my Azure DevOps server to build the image on an agent using a remote buildkit container and push it in my internal repository. All 3 components hosted in the same kubernetes cluster.

Thanks for the correction. In that case going to be interesting how this issue progress.

This is also the vulnerability that made many people delete Keepass 2 for XC many months ago so it is very strange that they make an article that sounds like it’s a new vulnerability.