Update dependency jars in docker image #107085
Labels
:Delivery/Packaging
RPM and deb packaging, tar and zip archives, shell and batch scripts
>enhancement
:Security/Security
Security issues without another label
Team:Delivery
Meta label for Delivery team
Team:Security
Meta label for security team
Description
Please would it be possible to bump java libs in next planned patch of 7.17?
Specifically:
xmlsec-2.1.4.jar to 2.1.8+
nimbus-jose-jwt-9.23.jar to 9.37.3+
json-smart-2.4.10.jar to 2.4.11+
httpcore-4.4.12.jar / httpcore-nio-4.4.12.jar to 4.4.16+
Those used dependencies shows some CVEs findings in trivy free scanner...
We are rebuilding image with this docker file right now..
Thanks
The text was updated successfully, but these errors were encountered: