confluentinc/cp-schema-registry:7.1.1 has vulnerabilities. 7.2 isn't yet uploaded.

confluentinc / schema-registry-images

Docker Images for Schema Registry

Apache License 2.0

2 stars 21 forks source link

confluentinc/cp-schema-registry:7.1.1 has vulnerabilities. 7.2 isn't yet uploaded. #58

Open abhinavbakaya opened 2 years ago

abhinavbakaya commented 2 years ago

We are using the below Dockerfile to do a dnf upgrade on the image confluentinc/cp-schema-registry:7.1.1 and then we are using the built image to run schema registry on Kubernetes.

FROM confluentinc/cp-schema-registry:7.1.1
USER root
RUN dnf upgrade -y
USER appuser

Even after that, I am being continuously asked by my organisation's Security Team to remove the vulnerabilities. CVE-2020-36518 PRISMA-2021-0213 CVE-2022-24329

Please help.

janjwerner-confluent commented 1 year ago

Thank you for raising this issue. The CVEs are addressed in the latest release 7.1.3.