Security vulnerabilities with version 3.5.5 #75
Comments
Unfortunately 9 out of 10 vulnerable components come from I can only suggest to report these issues upstream.
Thanks for your prompt response! An issue was reported for upstream docker-library/openjdk#349, as suggested. I'm closing this issue.
I have reported the issues to openjdk:8-jre-slim and they came back and said that they have fixed some issues and some are false positives. Does 31z4/zookeeper-docker use the latest image? I have given the link to the GitHub issue for openjdk:8-jre-slim that I raised; you can go through it.
Expected behavior
Vulnerability scans of the container image should not report critical/high severity security vulnerabilities.
Actual behavior
Image scans using Blackduck reported several critical and high severity security vulnerabilities for version 3.5.5 of the image.
Please let me know how to share the report with you. I can generate a CSV file and send it to an email address if that'd work. Alternatively, I can share the report here.
The scan report (https://hub.docker.com/_/zookeeper/scans/library/zookeeper/3.5.5) available in Docker Hub for the image also shows several critical/high severity vulnerabilities. (Note: the user must be logged in to Docker Hub to be able to see the report.)
Steps to reproduce the behavior
Not applicable.
System configuration
Not applicable.