Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade docker image version to fix CVEs #3640

Merged
merged 2 commits into from
Nov 15, 2022
Merged

Upgrade docker image version to fix CVEs #3640

merged 2 commits into from
Nov 15, 2022

Conversation

hangc0276
Copy link
Contributor

Motivation

There are a lot of critical CVEs in the maven:3.8.6-jdk-11 docker image
https://snyk.io/test/docker/maven%3A3.8.6-jdk-11

Changes

Use maven:3.8.3-eclipse-temurin-11 instead of maven:3.8.6-jdk-11 to fix it.

@hangc0276 hangc0276 self-assigned this Nov 15, 2022
@hangc0276 hangc0276 added this to the 4.16.0 milestone Nov 15, 2022
shoothzj
shoothzj reviewed Nov 15, 2022
View reviewed changes
Copy link
Member

@shoothzj shoothzj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why don't we use 3.8.6-eclipse-temurin-11

@shoothzj shoothzj merged commit fbad323 into apache:master Nov 15, 2022
hangc0276 added a commit that referenced this pull request Nov 21, 2022
@hangc0276
Upgrade docker image version to fix CVEs (#3640)
d621e5d 
There are a lot of critical CVEs in the `maven:3.8.6-jdk-11` docker image
https://snyk.io/test/docker/maven%3A3.8.6-jdk-11

Use `maven:3.8.3-eclipse-temurin-11` instead of `maven:3.8.6-jdk-11` to fix it.

(cherry picked from commit fbad323)
nicoloboschi pushed a commit to datastax/bookkeeper that referenced this pull request Jan 11, 2023
@hangc0276 @nicoloboschi
Upgrade docker image version to fix CVEs (apache#3640)
7d80a31 
There are a lot of critical CVEs in the `maven:3.8.6-jdk-11` docker image
https://snyk.io/test/docker/maven%3A3.8.6-jdk-11

Use `maven:3.8.3-eclipse-temurin-11` instead of `maven:3.8.6-jdk-11` to fix it.

(cherry picked from commit fbad323)
(cherry picked from commit d621e5d)
yaalsn pushed a commit to yaalsn/bookkeeper that referenced this pull request Jan 30, 2023
@hangc0276 @yaalsn
Upgrade docker image version to fix CVEs (apache#3640)
0e7dd0b 
### Motivation
There are a lot of critical CVEs in the `maven:3.8.6-jdk-11` docker image
https://snyk.io/test/docker/maven%3A3.8.6-jdk-11

### Changes
Use `maven:3.8.3-eclipse-temurin-11` instead of `maven:3.8.6-jdk-11` to fix it.
zymap pushed a commit that referenced this pull request Feb 16, 2023
@hangc0276 @zymap
Upgrade docker image version to fix CVEs (#3640)
fba90ca 
### Motivation
There are a lot of critical CVEs in the `maven:3.8.6-jdk-11` docker image
https://snyk.io/test/docker/maven%3A3.8.6-jdk-11

### Changes
Use `maven:3.8.3-eclipse-temurin-11` instead of `maven:3.8.6-jdk-11` to fix it.

(cherry picked from commit fbad323)
Ghatage pushed a commit to sijie/bookkeeper that referenced this pull request Jul 12, 2024
@hangc0276
Upgrade docker image version to fix CVEs (apache#3640)
fde1944 
### Motivation
There are a lot of critical CVEs in the `maven:3.8.6-jdk-11` docker image
https://snyk.io/test/docker/maven%3A3.8.6-jdk-11

### Changes
Use `maven:3.8.3-eclipse-temurin-11` instead of `maven:3.8.6-jdk-11` to fix it.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shoothzj shoothzj shoothzj approved these changes

@nicoloboschi nicoloboschi nicoloboschi approved these changes

@zymap zymap Awaiting requested review from zymap

@dlg99 dlg99 Awaiting requested review from dlg99

@eolivelli eolivelli Awaiting requested review from eolivelli

Assignees

@hangc0276 hangc0276

Labels
area/docker cherry-picked/branch-4.14 cherry-picked/branch-4.15 release/4.14.6 release/4.15.4
Projects
None yet
Milestone
4.16.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@hangc0276 @shoothzj @nicoloboschi @zymap