Image tags have known vulnerabilities #222

Closed
intel352 opened this issue May 22, 2018 · 1 comment

@intel352

While reviewing the docker tags, I see a number of the "stretch"-based images have known vulnerabilities: https://hub.docker.com/r/library/golang/tags/

@wglambert

See docker-library/postgres#286 (comment), docker-library/openjdk#161, docker-library/openjdk#112, docker-library/drupal#84, docker-library/official-images#2740, docker-library/ruby#117, docker-library/ruby#94, docker-library/python#152, docker-library/php#242, docker-library/buildpack-deps#46, docker-library/openjdk#185.

From yosifkit's comment:

We get these reports quite often, and they usually involve a large amount of digging which ends up in very little which is actionable. See the list below for an example of where I dove into a lot of these reports and found most of them to be either false positives or out of our hands (because Debian upstream hasn't patched the vulnerabilities, usually because they looked into it and deemed it to be a minor issue).

If there are actionable items we can resolve, we're happy to do so (and do so actively). We update all Debian based images to include any updates in apt packages at least monthly (we regenerate the base images and then rebuild all dependent images).
