openjdk:11-jre with perl 5.28 has libpcre security vulnerability issues

[murugesan70]

Docker image for openjdk:11-jre has following security vulnerability issues reported in the scan. Are there newer images without these HIGH vulnerabilities?

• https://security-tracker.debian.org/tracker/CVE-2020-14155
• https://security-tracker.debian.org/tracker/CVE-2020-10878

There are about 86 of medium vulnerabilities.

Please advice.

[wglambert]

For that CVE Buster is still vulnerable so there's nothing actionable for us to do

See also https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-so-many-cves
And docker-library/postgres#286 (comment) #161, #112, docker-library/postgres#286, docker-library/drupal#84, docker-library/official-images#2740, docker-library/ruby#117, docker-library/ruby#94, docker-library/python#152, docker-library/php#242, docker-library/buildpack-deps#46, #185.

A CVE doesn't imply having an actual vulnerability, and often is even a false positive (given how most distributions handle versioning/security updates in stable releases). If there are actionable items we can resolve, we're happy to do so (and do so actively). We update all Debian based images to include any updates in apt packages at least monthly (we regenerate the base images and then rebuild all dependent images).