Alpine Openjdk 8u141 #138
Closed
Alpine Openjdk 8u141 #138
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Our Twistlock has recently reported a couple of security issues labelled as "high", which in turn breaks the build. Most of the reported problems come from Openjdk version 8u131. Hence, this updated Dockerfile moves Openjdk to 8u141. Additional apk repositories have been added in order to resolve all the required dependencies.
|
We've had a lot of trouble in the past trying to mix released Alpine versions with packages from Edge, so I'd be pretty strongly opposed to this change. If there are security vulnerabilities in the existing package, it shouldn't be hard to convince the Alpine package maintainers to do an update in Alpine 3.6 directly (they've done so in the past for exactly that reason). 👍 |
|
I agree this should be fixed upstream by moving openjdk8-141 to Alpine v3.6 or an edge docker image could be built. CVE: https://nvd.nist.gov/vuln/detail/CVE-2017-10102 |
|
The OpenJDK 8 Alpine variants have since moved to Alpine 3.7, and thus 8u151 and this no longer applies. 👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Our Twistlock has recently reported a couple of security issues labelled as "high", which breaks our build. Most of the reported problems come from Openjdk version 8u131. Hence, this updated Dockerfile moves Openjdk to 8u141.
Additional apk repositories have been added in order to resolve all the required dependencies.