Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dockerfile基础镜像漏洞 #5144

Open
ltx0633 opened this issue May 17, 2024 · 4 comments
Open

dockerfile基础镜像漏洞 #5144

ltx0633 opened this issue May 17, 2024 · 4 comments

Comments

@ltx0633
Copy link

ltx0633 commented May 17, 2024

你的特性请求和某个问题有关吗?请描述

在安全合规时发现镜像存在漏洞,是否适用其他版本的jre?

清晰简洁地描述一下你希望的解决方案

更新基础镜像

清晰简洁地描述一下这个特性的备选方案

其它背景

image
@shoothzj
Copy link
Member

I think we can update this, using jdk17 even jdk21, would you like send a PR? thanks.

@nobodyiam
Copy link
Member

eclipse-temurin:17-jre appears to be a strong alternative.

@ltx0633
Copy link
Author

ltx0633 commented May 22, 2024

截屏2024-05-22 21 35 20

According to the product image of PR. Whether to consider upgrading components (postgres, log4j), etc.

In addition, I have verified that eclipse-temurin:17-jre images are feasible in a production environment

eclipse-temurin:17-jre appears to be a strong alternative.

@nobodyiam
Copy link
Member

nobodyiam commented May 24, 2024
edited

Whether to consider upgrading components (postgres, log4j), etc.

PRs are welcome to upgrade these dependencies.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nobodyiam @shoothzj @ltx0633