Closed shanawaspm closed 2 years ago
CVE-2022-2097 is apparently not fully fixed yet, see https://github.com/alpinelinux/docker-alpine/issues/261
But still, IMO it's about time to push new images incorporating JDK 17.0.4 etc.
Btw, AFAICS, alpine:3.16
points to 3.16.1 (and will point to 3.16.2 and so on in the future). So if I'm not mistaken it's just a matter of building those images now.
Hi, New Liberica release (version 8u342+7, 11.0.16+8, 17.0.2+8, 18.0.2+10) closes this issue - all Alpine images have been built from 3.16.1 (which is referenced as 3.16 in dockerfiles)
/ # more /etc/alpine-release
3.16.1
@morgion thanks a lot
Hi, OpenJDK Liberica Alpine images are depending on Apline version 3.16
This version contains some security vulnerabilities such as CVE-2022-30065 and CVE-2022-2097. There is a new version of Apline 3.6.1 which resolves the above mentioned vulnerabilities.
Do you accept PRs to fix this ?
Thanks !