Security vulnerabilities with version 3.5.5 #75
Comments
|
Unfortunately 9 out of 10 vulnerable components come from I can only suggest to report these issues upstream. |
|
Thanks for your prompt response! An issue was reported for upstream docker-library/openjdk#349, as suggested. I'm closing this issue. |
|
I have reported the issues to openjdk:8-jre-slim and they came back and said that they have fixed some issues and some are a false positive. Does 31z4/zookeeper-docker uses the latest image, I have given the link to the git hub issue link of openjdk:8-jre-slim that I raised you can go through it. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
and others
Expected behavior
Vulnerability scans of container image should not report critical/high severity security vulnerabilities.
Actual behavior
Image scans using Blackduck reported several critical and high severity security vulnerabilities for version 3.5.5 of the image.
Please let me know how to share the report with you. I can generate a csv file, and send it to an email if that'd work. Alternatively, I can share the report here.
The scan report (https://hub.docker.com/_/zookeeper/scans/library/zookeeper/3.5.5) available in Docker hub for the image, also shows several critical/high severity vulnerabilities. (Note: the user must be logged in to Docker Hub to be able to see the report).
Steps to reproduce the behavior
Not applicable.
System configuration
Not applicable.
The text was updated successfully, but these errors were encountered: