volmarl
commented
7 years ago Thanks for the feedback. We try to only keep the current stable version on the official release.
older versions are available in our github repo.
We are using the xenial base OS. The image is not restricted and could be inherited and patch.
Please see example below:
| => cat Dockerfile
FROM aerospike:latest
#CVE-2016-7543 bash vulnerability
RUN \
apt-get update -y \
&& apt-get install -y wget gcc make \
&& wget ftp://ftp.gnu.org/pub/gnu/bash/bash-4.4.tar.gz \
&& tar xvf bash-4.4.tar.gz \
&& cd bash-4.4 \
&& ./configure \
&& make \
&& make install
#CVE-2016-2109 OpenSSL vulnerability
RUN \
apt-get update -y \
&& apt-get install -y wget make gcc \
&& wget https://www.openssl.org/source/openssl-1.0.2j.tar.gz \
&& tar -xvzf openssl-1.0.2j.tar.gz \
&& cd openssl-1.0.2j \
&& ./config --prefix=/usr/ \
&& make \
&& make install
It is possible to have correct tagging for aerospike releases?
Currently there is only possible to install
3.10.1.1orlatest. What about3,3.10and3.10.1? The first two would be useful.Also are you aware of the vulnerabilities showed here? https://hub.docker.com/r/library/aerospike/tags/latest/