corretto / corretto-docker

Dockerfiles for Amazon Corretto Official images.
https://hub.docker.com/_/amazoncorretto
MIT No Attribution

OpenSSL 3 - Amazon Linux base #123

Closed JohnPreston closed 1 year ago

JohnPreston commented 1 year ago

Hi there. I did follow the Security report guidelines, but for the sake of community observability: although Corretto is not mentioned in the https://aws.amazon.com/security/security-bulletins/AWS-2022-008/ bulletin, given that the base images use Amazon Linux, which is on it, it might be worth clarifying / publishing images with all the latest security patches.

Thank you,

PS: The AmazonLinux team did publish a patched version 17h ago: https://gallery.ecr.aws/amazonlinux/amazonlinux So worth aligning to that :pray:

davecurrie commented 1 year ago

Hi. Corretto Docker images are based on Amazon Linux 2, which is not affected per the security bulletin you linked to. Corretto is covered by the sentence in the advisory: "AWS services are not affected, and no customer action is required."

The new images published by Amazon Linux are for the AL 2022 preview, which we don't use as a base image.

JohnPreston commented 1 year ago

Sorry for the confusion on my end, that makes sense, thanks for the prompt reply!