Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade docker base image to resolve CVE-2023-0286 #3916

Merged
merged 2 commits into from
Apr 13, 2023
Merged

Upgrade docker base image to resolve CVE-2023-0286 #3916

merged 2 commits into from
Apr 13, 2023

Conversation

hangc0276
Copy link
Contributor

Motivation

CVE-2023-0286

Detailed paths
Introduced through: maven@3.8.6-eclipse-temurin-11 › openssl/libssl3@3.0.2-0ubuntu1.7
Fix: No remediation path available.
Introduced through: maven@3.8.6-eclipse-temurin-11 › openssl@3.0.2-0ubuntu1.7
Fix: Upgrade to openssl@3.0.2-0ubuntu1.8

  BASE IMAGE VULNERABILITIES SEVERITY  
Current image maven:3.8.6-eclipse-temurin-11 48 0C1H22M25L  
Minor upgrades maven:3.9.0-eclipse-temurin-11 19 0C0H2M17L

Changes

Upgrade the docker base image to maven:3.9.0-eclipse-temurin-11 to resolve the CVE

@hangc0276 hangc0276 self-assigned this Apr 13, 2023
@hangc0276 hangc0276 added this to the 4.17.0 milestone Apr 13, 2023
@shoothzj shoothzj merged commit 35e9da9 into apache:master Apr 13, 2023
zymap pushed a commit that referenced this pull request Jun 19, 2023
@hangc0276 @zymap
Upgrade docker base image to resolve CVE-2023-0286 (#3916)
81fd119 
(cherry picked from commit 35e9da9)
hangc0276 added a commit to hangc0276/bookkeeper that referenced this pull request Jun 26, 2023
@hangc0276
Upgrade docker base image to resolve CVE-2023-0286 (apache#3916)
938d3b2 
(cherry picked from commit 35e9da9)
zymap pushed a commit that referenced this pull request Dec 6, 2023
@hangc0276 @zymap
Upgrade docker base image to resolve CVE-2023-0286 (#3916)
9daa157 
(cherry picked from commit 35e9da9)
Ghatage pushed a commit to sijie/bookkeeper that referenced this pull request Jul 12, 2024
@hangc0276
Upgrade docker base image to resolve CVE-2023-0286 (apache#3916)
b8887f0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@shoothzj shoothzj shoothzj approved these changes

@nicoloboschi nicoloboschi nicoloboschi approved these changes

@zymap zymap zymap approved these changes

@eolivelli eolivelli Awaiting requested review from eolivelli

@StevenLuMT StevenLuMT Awaiting requested review from StevenLuMT

Assignees

@hangc0276 hangc0276

Labels
area/security cherry-picked/branch-4.14 cherry-picked/branch-4.15 cherry-picked/branch-4.16 release/4.14.8 release/4.15.5 release/4.16.2
Projects
None yet
Milestone
4.17.0
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@hangc0276 @shoothzj @nicoloboschi @zymap