fix: Docker Redis CVE-2025-49844 — fix build failures and version pinning (#1671)

[hafezparast]

Summary

• Fixes [Bug]: redis server in crawl4ai docker image 0.7.8 has [CVE-2025-49844] Lua use-after-free may lead to remote code execution. CVSS Score: 10.0 (Critical) #1671
• The previous Redis CVE fix on develop has three issues that prevent it from working:
  1. curl/gnupg are used to add the Redis apt repo before they're installed (breaks docker build on python:3.12-slim-bookworm)
  2. redis-tools is not pinned alongside redis-server (causes apt dependency conflict)
  3. Packages are not held, so playwright install --with-deps upgrades Redis back to 8.x

Changes

• Dockerfile:
  • Added pre-install of curl and gnupg before Redis repo setup
  • Pin redis-tools to same version as redis-server
  • Added apt-mark hold redis-server redis-tools to prevent upgrades
  • Updated default version to 7.2.13 (latest 7.2.x patch)

Verified locally

$ docker build --target build -t crawl4ai-redis-test .
$ docker run --rm crawl4ai-redis-test redis-server --version
Redis server v=7.2.13
$ docker run --rm crawl4ai-redis-test apt-mark showhold
redis-server
redis-tools

Test plan

• New test suite: tests/test_issue_1671_redis_cve.py (10 tests)
• Regression suite: 304/305 passing (1 pre-existing HuggingFace failure)
• Full Docker build verified locally — Redis 7.2.13 survives playwright install --with-deps

Generated with Claude Code

[ntohidi]

Thank you for your contribution, this is already fixed and it's in the latest Docker image: 0.8.5
will be in the mian branch soon