SOLR-17353: Fix for golang version 1.18#2542
Conversation
cpoerschke
changed the title
| apt-get update; \ | ||
| apt-get -y --no-install-recommends install acl lsof procps wget netcat gosu tini jattach; \ | ||
| wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/1.17/gosu-amd64"; \ | ||
| chmod +x /usr/local/bin/gosu; \ |
There was a problem hiding this comment.
It is a known fact that our version of ubuntu offers a slightly older gosu binary based on an older golang. However, there are no known attack vectors known to us how an external attacker might abuse this.
The fix presented here is not acceptable, as the image must work both for amd and arm architectures.
A better solution is to wait until we bump our default Ubuntu version in the docker image. Which I suppose could happen soon?
There was a problem hiding this comment.
We should definitely bump it for 10x
janhoy
left a comment
janhoy
left a comment
There was a problem hiding this comment.
Please instead look into upgrading the ubuntu platform-version and indirectly fix it that way.
|
This PR has had no activity for 60 days and is now labeled as stale. Any new activity or converting it to draft will remove the stale label. To attract more reviewers, please tag people who might be familiar with the code area and/or notify the dev@solr.apache.org mailing list. Thank you for your contribution! |
|
This PR is now closed due to 60 days of inactivity after being marked as stale. Re-opening this PR is still possible, in which case it will be marked as active again. |
3 participants
https://issues.apache.org/jira/browse/SOLR-17353
Description
Please provide a short description of the changes you're making with this pull request.
Solution
Please provide a short description of the approach taken to implement your solution.
Tests
Please describe the tests you've developed or run to confirm this patch implements the feature or solves the problem.
Checklist
Please review the following and check all that apply:
mainbranch../gradlew check.