31z4 / zookeeper-docker

Docker image packaging for Apache Zookeeper
MIT License
285 stars, 243 forks

Twistlock CVEs with packages on scan of 3.6.3 #131

Closed RamyaRohidas closed 1 year ago

RamyaRohidas commented 2 years ago

Before you file an issue here, please keep in mind that your issue may not be related to the image itself. Please make sure that it is, otherwise report the issue upstream.

Expected behavior

No high or critical CVEs with Twistlock scan

Actual behavior

We see 5 critical and 13 high vulnerabilities with Twistlock scan.

Steps to reproduce the behavior

Local Twistlock scanning of image https://github.com/31z4/zookeeper-docker/tree/master/3.6.3

System configuration

Attaching the CVEs for reference (package vulnerabilities). Kindly see the zookeeper-3-6-3 (2) (1).csv attachment with the actual issues.

libgcc1,gcc-8-base,libstdc++6 gcc-8 io.netty_netty-codec log4j_log4j go

31z4 commented 1 year ago

Closing this because most of the issues should be fixed in the newest 3.6.4 tag. 3.6.3 is no longer maintained because it was based on a completely deprecated openjdk image.