bell-sw / Liberica

Free and 100% open source Progressive Java Runtime for modern Java™ deployments supported by a leading OpenJDK contributor
https://bell-sw.com/pages/libericajdk/
GNU General Public License v2.0

Upgrade liberica-openjdk-alpine:21 to Alpine 3.18.5 to address OpenSSL CVEs #156

Closed frankgrimes97 closed 6 months ago

frankgrimes97 commented 7 months ago

The last published Liberica Alpine docker image appears to still be using Alpine 3.18.4:

$ docker run -it bellsoft/liberica-openjdk-alpine:21
Unable to find image 'bellsoft/liberica-openjdk-alpine:21' locally
21: Pulling from bellsoft/liberica-openjdk-alpine
579b34f0a95b: Already exists 
4755b14f7226: Pull complete 
5d5ba4767500: Pull complete 
Digest: sha256:5c27a4ad0581897d5dcf8ccf74046c094740fc2d158bdb860cdcb61ffe11fb0b
Status: Downloaded newer image for bellsoft/liberica-openjdk-alpine:21
/ # cat /etc/alpine-release 
3.18.4

Alpine 3.18.5 was recently released (https://www.alpinelinux.org/posts/Alpine-3.15.11-3.16.8-3.17.6-3.18.5-released.html). It includes fixes for the following two OpenSSL CVEs:

$ docker run -it alpine:3.18
Unable to find image 'alpine:3.18' locally
3.18: Pulling from library/alpine
2c03dbb20264: Pull complete 
Digest: sha256:34871e7290500828b39e22294660bee86d966bc0017544e848dd9a255cdf59e0
Status: Downloaded newer image for alpine:3.18
/ # cat /etc/alpine-release 
3.18.5
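An added example, not code from the issue thread or from BellSoft: a small shell gate that takes an image's /etc/alpine-release value and fails when it is older than the first release carrying a given fix (3.18.5 here, per the thread). The image name and release numbers come from the thread; the docker invocation shown in a comment is an assumption about how it would be wired into CI.

```shell
# Added example: fail a CI build when a base image's Alpine release is older
# than the minimum release that carries a required fix.
set -eu

# Compare two dotted release strings component by component.
# Prints "lt", "eq" or "gt" for $1 relative to $2 ("3.18.4" vs "3.18.5" -> lt).
version_cmp() {
  i=1
  while :; do
    # A trailing dot guarantees cut sees a delimiter even for "3" or "3.19".
    ai=$(printf '%s.\n' "$1" | cut -d. -f"$i")
    bi=$(printf '%s.\n' "$2" | cut -d. -f"$i")
    if [ -z "$ai" ] && [ -z "$bi" ]; then echo eq; return 0; fi
    ai=${ai:-0}; bi=${bi:-0}
    if [ "$ai" -lt "$bi" ]; then echo lt; return 0; fi
    if [ "$ai" -gt "$bi" ]; then echo gt; return 0; fi
    i=$((i + 1))
  done
}

# Returns 0 when release $1 is at least $2, 1 otherwise, with a message so the
# CI log records which release the image actually ships.
alpine_at_least() {
  have=$(printf '%s' "$1" | tr -d '[:space:]')
  if [ "$(version_cmp "$have" "$2")" = lt ]; then
    echo "FAIL: base image is Alpine $have, need >= $2" >&2
    return 1
  fi
  echo "OK: base image is Alpine $have (>= $2)"
}

# Assumed CI usage: read the release out of the image under test, e.g.
#   alpine_at_least "$(docker run --rm bellsoft/liberica-openjdk-alpine:21 \
#                       cat /etc/alpine-release)" 3.18.5
# Below, constructed values stand in for the releases seen in the thread.
MIN_RELEASE=3.18.5
alpine_at_least "3.18.4" "$MIN_RELEASE" || echo "upgrade needed"
alpine_at_least "3.19.0" "$MIN_RELEASE"
```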

frankgrimes97 commented 7 months ago

@morgion Any plans to publish a new image? Thanks!

morgion commented 7 months ago

@frankgrimes97 In January release. Meanwhile, we recommend Liberica Runtime Container which has this vulnerability addressed.

frankgrimes97 commented 7 months ago

> @frankgrimes97 In January release. Meanwhile, we recommend Liberica Runtime Container which has this vulnerability addressed.

I took a look at the Liberica Runtime Container images, and there don't yet appear to be linux/arm64 versions available like there are for bellsoft/liberica-openjdk-alpine. Are there plans to add some in the near future?

frankgrimes97 commented 6 months ago

I see that the base image is now alpine-3.19.0, which has no known CVE vulnerabilities, so I'm closing this issue:

$ docker run -it --rm bellsoft/liberica-openjdk-alpine:21
Unable to find image 'bellsoft/liberica-openjdk-alpine:21' locally
21: Pulling from bellsoft/liberica-openjdk-alpine
c30352492317: Pull complete 
309bdb032224: Pull complete 
16e792870322: Pull complete 
Digest: sha256:f6ab9bfb862755066db48d2d0cd222bcc7061228ad7cfc7bcfcfd9de74bf3fb4
Status: Downloaded newer image for bellsoft/liberica-openjdk-alpine:21
/ # cat /etc/alpine-release 
3.19.0