-
Notifications
You must be signed in to change notification settings - Fork 475
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security vulnerabilities with version 8-jre-slim #349
Labels
question
Usability question, not directly related to an error with the image
Comments
wglambert
added
the
question
Usability question, not directly related to an error with the image
label
Aug 23, 2019
Indeed, the only package in the current $ docker pull openjdk:8-jre-slim
8-jre-slim: Pulling from library/openjdk
Digest: sha256:8489e5a8e8a144ae7c41cbc2b95de8a7618cc31c7ae3ecb9db8d4b667ee84ff1
Status: Image is up to date for openjdk:8-jre-slim
$ docker run -it --rm openjdk:8-jre-slim bash -xc 'apt-get update -qq && apt-get dist-upgrade'
+ apt-get update -qq
+ apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following package was automatically installed and is no longer required:
lsb-base
Use 'apt autoremove' to remove it.
The following packages will be upgraded:
tzdata
1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 260 kB of archives.
After this operation, 1024 B of additional disk space will be used.
Do you want to continue? [Y/n] |
@wglambert thanks for the update |
@tianon does this package has the updated version in which these issues are resolved? |
Yes, as displayed in my comment above, this image contains any updates it possibly can minus |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I work for a product that uses Apache Zookeeper images located at Docker Hub (https://hub.docker.com/_/zookeeper). We are currently using image version 3.5.4-beta and are looking to upgrade the image to address security vulnerabilities. The latest available version of the image 3.5.5 appears to have several critical and high severity vulnerabilities as well, as per [this |https://hub.docker.com/_/zookeeper/scans/library/zookeeper/3.5.5] report. We had raised an issue regarding that and the Zookeeper community came back and said that 9 out of 10 vulnerable components come from OpenJDK:8-jre-slim base image:
https://hub.docker.com/_/openjdk/scans/library/openjdk/8-jre-slim
you can look into The scan report (https://hub.docker.com/_/zookeeper/scans/library/zookeeper/3.5.5) available in Docker hub for the image, also shows several critical/high severity vulnerabilities. (Note: the user must be logged in to Docker Hub to be able to see the report).
I was curious to know that will you guys be addressing it in the future.
The text was updated successfully, but these errors were encountered: