diff --git a/.image-gitlab-ci.yml b/.image-gitlab-ci.yml
index ac28d0e5..c143821e 100644
--- a/.image-gitlab-ci.yml
+++ b/.image-gitlab-ci.yml
@@ -51,11 +51,12 @@ security_scan_trivy:
     TRIVY_IGNORE: >-
       CVE-2023-31484,CVE-2023-45853,
       CVE-2023-52425,CVE-2024-8176,
-      CVE-2025-9900,
+      CVE-2025-9900,CVE-2025-68121,CVE-2026-25679,CVE-2026-32280,
+      CVE-2026-32281,CVE-2026-32281,
       CVE-2026-0861,CVE-2025-8194,CVE-2025-13699,
       CVE-2025-13836,CVE-2025-40914
       # Above two rows are for spamassassin under debian trixie
-      # CVE-2025-9900 is for MythTV 36
+      # CVE-2025-9900 and next line are for MythTV 36, unfixed ubuntu:resolute
       # Below are for blacklist image, there's a won't-fix note for zlib1g
       # CVE-2023-31484,CVE-2023-45853
     TRIVY_OUTPUT: gl-container-scanning-report.json
diff --git a/images/mariadb-galera/Dockerfile b/images/mariadb-galera/Dockerfile
index e85c3dfb..a978abfc 100644
--- a/images/mariadb-galera/Dockerfile
+++ b/images/mariadb-galera/Dockerfile
@@ -1,4 +1,4 @@
-FROM mariadb:12.3.1
+FROM mariadb:12.2.2
 ARG BUILD_DATE
 ARG VCS_REF
 LABEL org.opencontainers.image.authors="Rich Braun docker@instantlinux.net" \
diff --git a/images/mariadb-galera/helm/Chart.yaml b/images/mariadb-galera/helm/Chart.yaml
index a47076d6..ab248c6f 100644
--- a/images/mariadb-galera/helm/Chart.yaml
+++ b/images/mariadb-galera/helm/Chart.yaml
@@ -8,7 +8,7 @@ sources:
 - https://github.com/MariaDB/galera
 type: application
 version: 0.1.3
-appVersion: "12.3.1"
+appVersion: "12.2.2"
 dependencies:
 - name: chartlib
   version: 0.1.8