bell-sw / Liberica

Free and 100% open source Progressive Java Runtime for modern Java™ deployments supported by a leading OpenJDK contributor
https://bell-sw.com/pages/libericajdk/
GNU General Public License v2.0
318 stars 29 forks

Upgrade Alpine to latest release 3.16.1 to fix vulnerabilities #88

Closed shanawaspm closed 2 years ago

shanawaspm commented 2 years ago

Hi, OpenJDK Liberica Alpine images are depending on Alpine version 3.16.

This version contains some security vulnerabilities such as CVE-2022-30065 and CVE-2022-2097. There is a new version of Alpine 3.6.1 which resolves the above-mentioned vulnerabilities.

Do you accept PRs to fix this?

Thanks!

famod commented 2 years ago

CVE-2022-2097 is apparently not fully fixed yet, see https://github.com/alpinelinux/docker-alpine/issues/261

But still, IMO it's about time to push new images incorporating JDK 17.0.4 etc.

famod commented 2 years ago

Btw, AFAICS, alpine:3.16 points to 3.16.1 (and will point to 3.16.2 and so on in the future). So if I'm not mistaken it's just a matter of building those images now.

morgion commented 2 years ago

Hi, the new Liberica release (versions 8u342+7, 11.0.16+8, 17.0.2+8, 18.0.2+10) closes this issue - all Alpine images have been built from 3.16.1 (which is referenced as 3.16 in Dockerfiles).

/ # more /etc/alpine-release
3.16.1

shanawaspm commented 2 years ago

@morgion thanks a lot
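
The check shown in the thread (reading `/etc/alpine-release` to confirm what the floating `3.16` tag resolved to) can be automated in an image pipeline. The script below is an added example, not part of this thread or the Liberica project; the function names and the unpacked-rootfs directory layout are assumptions for illustration.

```shell
#!/bin/sh
# Added example: fail a build when an image built FROM a floating Alpine tag
# (e.g. 3.16) still carries a patch level older than the required one.
# Assumption: ROOTFS is a directory holding the unpacked image filesystem.

# ver_ge A B -> 0 if dotted numeric version A >= B, 1 if lower, 2 if malformed.
# Fields are compared numerically, so 3.16.10 > 3.16.2 (a string compare
# would get that wrong).
ver_ge() {
    a=$1 b=$2
    case $a in ''|*[!0-9.]*) return 2 ;; esac
    case $b in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $a; a1=${1:-0} a2=${2:-0} a3=${3:-0}
    set -- $b; b1=${1:-0} b2=${2:-0} b3=${3:-0}
    IFS=$old_ifs
    [ "$a1" -ne "$b1" ] && { [ "$a1" -gt "$b1" ]; return; }
    [ "$a2" -ne "$b2" ] && { [ "$a2" -gt "$b2" ]; return; }
    [ "$a3" -ge "$b3" ]
}

# check_alpine_rootfs ROOTFS MIN -> 0 only if ROOTFS/etc/alpine-release is on
# the same major.minor branch as MIN and at or above MIN's patch level.
check_alpine_rootfs() {
    rel_file=$1/etc/alpine-release
    min=$2
    [ -r "$rel_file" ] || { echo "no alpine-release under $1" >&2; return 2; }
    found=$(head -n 1 "$rel_file")
    # A floating 3.16 tag should only ever move within the 3.16.x branch.
    [ "${found%.*}" = "${min%.*}" ] || {
        echo "branch mismatch: found $found, expected ${min%.*}.x" >&2; return 1; }
    ver_ge "$found" "$min" || {
        echo "stale or unparsable base: $found (need >= $min)" >&2; return 1; }
    echo "ok: $found"
}
```

Run it as `check_alpine_rootfs ./rootfs 3.16.1` against an unpacked image and treat a non-zero exit status as a failed build.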