OpenLiberty / ci.docker

Eclipse Public License 1.0

security scan- vulnerabilities #341

Open camilo364 opened 2 years ago

camilo364 commented 2 years ago

open-liberty:22.0.0.9-full-java8-openj9: total - 20, critical - 1, high - 2, medium - 8, low - 9 Vulnerability

Do you have an idea how I can fix them?

vulnerabilities.txt

leochr commented 2 years ago

@camilo364 I see some old CVEs for Liberty which should already be fixed in the referenced image above for 22.0.0.9. For example, CVE-2018-1851, which was fixed in 18.0.0.3. Is the scanner (which one, btw?) complaining that the above image is vulnerable to these Liberty-related CVEs?

Are there any other CVEs you are looking for in particular?

Wondering whether the others are for the operating system, Ubuntu. Liberty images are built on the Java Semeru images (i.e. ibm-semeru-runtimes:open-8-jre-focal), which use Ubuntu 20.04. Liberty images get automatically built when the base images are updated.