fix(orthrus): stop Dockhand flapping and wire uptime to session liveness

.github/workflows/benchmark.yml

@@ -32,7 +32,11 @@ jobs:
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
-          ref: ${{ github.event.workflow_run.head_sha || github.sha }}
+          # For pull_request events, use the branch HEAD SHA (not the ephemeral merge
+          # commit that github.sha resolves to), which is directly fetchable by SHA.
+          # For workflow_run events fall back to the triggering HEAD SHA.
+          # For push/workflow_dispatch fall back to github.sha.
+          ref: ${{ github.event.pull_request.head.sha || github.event.workflow_run.head_sha || github.sha }}
 
       - name: Set up Go
         uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6

.gitignore

@@ -326,3 +326,6 @@ backend/test_out.txt
 backend/cf_coverage.txt
 backend/***_coverage.txt
 backend/***_cov.txt
+.tmp/caddy-binary-pin-cleanup
+.tmp/caddy-binary-pin-cleanup-local.tar
+.tmp/***

.trivyignore

@@ -103,3 +103,13 @@ CVE-2026-33997
 # See also: .grype.yaml for full justification
 # exp: 2026-04-30
 GHSA-pxq6-2prw-chj9
+
+# CVE-2026-41889 / GHSA-j88v-2chj-qfwx: pgx/v4 panic on crafted PostgreSQL wire payload (DoS)
+# Severity: LOW (CVSS 3.7) — Package: github.com/jackc/pgx/v4, embedded in CrowdSec binaries
+# Fix path requires upstream migration to pgx/v5; CrowdSec currently vendors pgx/v4 in bundled components.
+# Charon uses SQLite by default; PostgreSQL wire-protocol path is not reachable in standard deployment.
+# Review by: 2026-05-25
+# See also: .grype.yaml for full justification
+# exp: 2026-05-25
+CVE-2026-41889
+GHSA-j88v-2chj-qfwx

Dockerfile

@@ -26,8 +26,8 @@ ARG CROWDSEC_RELEASE_SHA256=704e37121e7ac215991441cef0d8732e33fa3b1a2b2b88b53a0b
 ARG EXPR_LANG_VERSION=1.17.8
 # renovate: datasource=go depName=golang.org/x/net
 ARG XNET_VERSION=0.55.0
-# renovate: datasource=go depName=github.com/smallstep/certificates
-ARG SMALLSTEP_CERTIFICATES_VERSION=0.30.0
+# renovate: datasource=go depName=golang.org/x/crypto
+ARG XCRYPTO_VERSION=0.52.0
 # renovate: datasource=npm depName=npm
 ARG NPM_VERSION=11.11.1
 
@@ -241,7 +241,7 @@ ARG CORAZA_CADDY_VERSION
 ARG XCADDY_VERSION=0.4.6
 ARG EXPR_LANG_VERSION
 ARG XNET_VERSION
-ARG SMALLSTEP_CERTIFICATES_VERSION
+ARG XCRYPTO_VERSION
 
 # hadolint ignore=DL3018
 RUN apk add --no-cache bash git
@@ -289,6 +289,7 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
         go get github.com/expr-lang/expr@v${EXPR_LANG_VERSION}; \
         # renovate: datasource=go depName=github.com/hslatman/ipstore
         go get github.com/hslatman/ipstore@v0.4.0; \
+        go get golang.org/x/crypto@v${XCRYPTO_VERSION}; \
         go get golang.org/x/net@v${XNET_VERSION}; \
         # CVE-2026-33186: gRPC-Go auth bypass (fixed in v1.79.3)
         # CVE-2026-34986: go-jose/v4 transitive fix (requires grpc >= v1.80.0)
@@ -316,10 +317,6 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
         # remove once caddy-security ships a release built with goxmldsig >= v1.6.0.
         # renovate: datasource=go depName=github.com/russellhaering/goxmldsig
         go get github.com/russellhaering/goxmldsig@v1.6.0; \
-        # CVE-2026-30836: smallstep/certificates 0.30.0-rc3 vulnerability
-        # Fix available at v0.30.0. Pin here so the Caddy binary is patched immediately;
-        # remove once caddy-security ships a release built with smallstep/certificates >= v0.30.0.
-        go get github.com/smallstep/certificates@v${SMALLSTEP_CERTIFICATES_VERSION}; \
         # CVE-2026-32952: go-ntlmssp DoS via malicious NTLM challenge response
         # Affects /usr/bin/caddy (transitive dependency). Fix available at v0.1.1.
         # renovate: datasource=go depName=github.com/Azure/go-ntlmssp
@@ -339,8 +336,17 @@ RUN --mount=type=cache,target=/root/.cache/go-build \
             echo "Unsupported CADDY_PATCH_SCENARIO=${CADDY_PATCH_SCENARIO}"; \
             exit 1; \
         fi; \
+        # Final re-pin: enforce requested Caddy core version after plugin/security updates.
+        go get github.com/caddyserver/caddy/v2@v${CADDY_TARGET_VERSION}; \
         # Clean up go.mod and ensure all dependencies are resolved
         go mod tidy; \
+        # Hard assertion: fail if module graph resolves to a different Caddy core version.
+        ACTUAL_CADDY_VERSION="$(go list -m -f "{{.Version}}" github.com/caddyserver/caddy/v2)"; \
+        if [ "$ACTUAL_CADDY_VERSION" != "v${CADDY_TARGET_VERSION}" ]; then \
+            echo "ERROR: Resolved Caddy version ${ACTUAL_CADDY_VERSION} does not match target v${CADDY_TARGET_VERSION}"; \
+            exit 1; \
+        fi; \
+        echo "Verified Caddy module version: ${ACTUAL_CADDY_VERSION}"; \
         echo "Dependencies patched successfully"; \
         # Remove any temporary binaries from initial xcaddy run
         rm -f /tmp/caddy-initial; \

SECURITY.md

@@ -27,7 +27,7 @@ public disclosure.
 
 ## Known Vulnerabilities
 
-Last reviewed: 2026-05-20
+Last reviewed: 2026-05-25
 
 ### [HIGH] CVE-2026-31790 · OpenSSL Vulnerability in Alpine Base Image
 
@@ -284,6 +284,45 @@ database server is untrusted. EPSS score not yet available.
 Monitor https://github.com/jackc/pgproto3 for a fix release. Upgrade the indirect dependency
 once a patched version is available. Pre-existing; not introduced by PR #1031.
 
+---
+
+### [LOW] CVE-2026-41889 · pgx/v4 Panic via Crafted PostgreSQL Wire Payload
+
+| Field        | Value |
+|--------------|-------|
+| **ID**       | CVE-2026-41889 (GHSA-j88v-2chj-qfwx) |
+| **Severity** | Low · 3.7 |
+| **Status**   | Awaiting Upstream |
+
+**What**
+`github.com/jackc/pgx/v4` may panic when decoding a crafted PostgreSQL wire payload,
+which can cause a denial-of-service condition in affected clients.
+
+**Who**
+
+- Discovered by: Automated scan (Trivy image scan)
+- Reported: 2026-05-25
+- Affects: Deployments using PostgreSQL-backed CrowdSec code paths (non-default)
+
+**Where**
+
+- Component: `github.com/jackc/pgx/v4` (transitive dependency in bundled CrowdSec components)
+- Versions affected: pgx/v4 prior to upstream remediation
+
+**When**
+
+- Discovered: 2026-05-25
+- Disclosed (if public): Public
+- Target fix: When upstream dependencies migrate to a patched path (pgx/v5)
+
+**How**
+Exploitation requires a crafted PostgreSQL protocol payload delivered to an affected pgx/v4
+decode path. Charon defaults to SQLite, so standard deployments do not expose this path.
+
+**Planned Remediation**
+Track upstream CrowdSec dependency updates and remove suppression once pgx/v4 is no longer
+present in bundled components.
+
 ## Patched Vulnerabilities
 
 ### ✅ [HIGH] CVE-2026-34040 · Docker AuthZ Plugin Bypass via Oversized Request Body

agent/muzzle/muzzle.go

@@ -20,13 +20,51 @@ const forbiddenResponse = "HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\nConnec
 // allowedPatterns enumerates the Docker API paths that agents may access.
 // Matching uses path.Match after stripping query parameters; each pattern
 // uses `*` to match any single path segment (never crosses a slash).
+//
+// Both versioned (/v*/...) and unversioned (/...) forms are listed because
+// Docker clients such as Dockhand send unversioned requests (e.g. GET /containers/json)
+// while the canonical Docker CLI sends versioned requests (e.g. GET /v1.47/containers/json).
 var allowedPatterns = []string{
+	"/_ping",    // no version prefix (Docker < 1.24 / direct health check)
+	"/v*/_ping", // versioned ping for Docker client health checks
+
+	// Container listing and inspection — unversioned (RC8 fix) + versioned
+	"/containers/json",
 	"/v*/containers/json",
+	"/containers/*/json",
 	"/v*/containers/*/json",
+	"/containers/*/logs",
+	"/v*/containers/*/logs",
+	"/containers/*/stats",
+	"/v*/containers/*/stats",
+	"/containers/*/top",
+	"/v*/containers/*/top",
+
+	// Daemon info — unversioned + versioned
+	"/info",
 	"/v*/info",
+	"/images/json",
 	"/v*/images/json",
+	"/version",
 	"/v*/version",
+	"/events",
 	"/v*/events",
+
+	// Volumes — unversioned + versioned
+	"/volumes",
+	"/v*/volumes",
+	"/volumes/*",
+	"/v*/volumes/*",
+
+	// Networks — unversioned + versioned
+	"/networks",
+	"/v*/networks",
+	"/networks/*",
+	"/v*/networks/*",
+
+	// System disk usage — unversioned + versioned
+	"/system/df",
+	"/v*/system/df",
 }
 
 // Filter is an HTTP allowlist filter for Docker socket proxy streams.
@@ -38,8 +76,20 @@ func New() *Filter {
 }
 
 // Allow returns true if method+reqPath is on the allowlist.
-// Only GET is permitted; all other methods are rejected immediately.
+// Only GET is permitted, except HEAD which is allowed on /_ping and /v*/_ping
+// (Docker SDK connectivity check).
 func (f *Filter) Allow(method, reqPath string) bool {
+	// HEAD is permitted only for /_ping (Docker SDK connectivity check).
+	if strings.EqualFold(method, http.MethodHead) {
+		cleanPath := path.Clean(reqPath)
+		for _, p := range []string{"/_ping", "/v*/_ping"} {
+			if matched, _ := path.Match(p, cleanPath); matched {
+				return true
+			}
+		}
+		return false
+	}
+
 	if !strings.EqualFold(method, http.MethodGet) {
 		return false
 	}
@@ -79,6 +129,10 @@ func (f *Filter) ServeProxy(dst string, r io.Reader, w io.Writer) error {
 	}
 	defer conn.Close()
 
+	// Ensure Docker closes the socket after the response so ServeProxy can
+	// terminate cleanly instead of waiting on an idle keep-alive connection.
+	req.Close = true
+
 	// Forward the full request (headers + body) to the Docker socket.
 	if err := req.Write(conn); err != nil {
 		return fmt.Errorf("muzzle: forward request to docker: %w", err)