adoptium / containers

Repo containing the dockerfiles and scripts to produce the official eclipse-temurin containers.
https://hub.docker.com/_/eclipse-temurin/
Apache License 2.0

eclipse-temurin:17-jre-alpine vulnerabilities #576

Closed zopahima closed 3 weeks ago

zopahima commented 3 weeks ago

The eclipse-temurin:17-jre-alpine image contains multiple old vulnerabilities. Is there any plan to address them in the near future? When can we expect to get a patched version? Vulnerability scan taken by the Trivy scanner.

[attached image: scan output]

karianna commented 3 weeks ago

The base layer gets updated by DockerHub (so you'll need to report to them); you can also tdnf update in the meantime.

zopahima commented 3 weeks ago

@karianna Already did it, I was referred to adoptium. See - https://github.com/docker/roadmap/issues/675

omni-htg commented 3 weeks ago

@zopahima As you can see in DockerHub, the last alpine:3.19 was built 5 months ago, and the image eclipse-temurin:17-jre-alpine you're pointing to was built after that using the latest 17.0.11+9 version. ~So unless there's an update to alpine 3.19 or a new openjdk version, the image is not getting updated.~ ~Perhaps the folks at Alpine could see this and trigger a bump on 3.19, give them a try.~

EDIT: Apologies, it seems that alpine:3.20 has already been merged into temurin so it's only a matter of time until it gets to DockerHub.
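The two comments above split the findings into those the base OS has already fixed (where an interim package upgrade in a derived image helps) and those that wait on an alpine or OpenJDK bump. The triage script below is an added example, not code from this thread or the adoptium/containers project; it assumes the `Results[].Vulnerabilities[]` fields of `trivy image --format json` output as named in the constructed sample, and every CVE id, package and version in that sample is a placeholder.

```python
import json
from collections import Counter

# Constructed sample in the shape of `trivy image --format json` output.
# Assumption: the Results[].Vulnerabilities[] field names used here exist as
# named. CVE ids, packages and versions are placeholders, not real findings.
SAMPLE_TRIVY_JSON = """
{
  "ArtifactName": "eclipse-temurin:17-jre-alpine",
  "Results": [
    {
      "Target": "eclipse-temurin:17-jre-alpine (alpine 3.19.1)",
      "Class": "os-pkgs",
      "Type": "alpine",
      "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libssl3",
         "InstalledVersion": "3.1.4-r5", "FixedVersion": "3.1.5-r0", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox",
         "InstalledVersion": "1.36.1-r15", "FixedVersion": "", "Severity": "MEDIUM"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "libcrypto3",
         "InstalledVersion": "3.1.4-r5", "FixedVersion": "3.1.5-r0", "Severity": "CRITICAL"}
      ]
    }
  ]
}
"""


def triage(report_json: str) -> dict:
    """Split OS-package findings into those the distro already fixed (a derived
    image with `RUN apk upgrade --no-cache` removes them today) and those with
    no fixed package yet (only a base-image or upstream bump can help)."""
    report = json.loads(report_json)
    fixable, waiting = [], []
    for result in report.get("Results", []):
        if result.get("Class") != "os-pkgs":
            continue  # JDK/jar findings are not addressed by an OS package upgrade
        for v in result.get("Vulnerabilities") or []:
            entry = (v["VulnerabilityID"], v["PkgName"], v["Severity"])
            (fixable if v.get("FixedVersion") else waiting).append(entry)
    return {
        "fixable_now": fixable,
        "awaiting_base_bump": waiting,
        "fixable_by_severity": dict(Counter(sev for _, _, sev in fixable)),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_TRIVY_JSON).items():
        print(key, items)
```

Run it against a real report with `trivy image --format json eclipse-temurin:17-jre-alpine > report.json` and pass the file contents to `triage`; an empty `fixable_now` list means rebuilding with a package upgrade will not change the scan result.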

karianna commented 2 weeks ago

> @karianna Already did it, I was referred to adoptium. See - docker/roadmap#675

I think that's a different place to DockerHub - but I appreciate that this is frustrating, we need a better round robin policy here.

zopahima commented 2 weeks ago

@omni-htg Thanks!! Where can I track alpine merges into temurin? How can I track when it gets into DockerHub?