Closed leomao10 closed 1 year ago
I think either your image is outdated or your vulnerability scanner is misfiring:
$ docker run -it --rm --pull=always docker:20.10-dind sh
20.10-dind: Pulling from library/docker
Digest: sha256:545bbd72f29603a648b034cbd089c501d67ba20974938151f68be48536e93694
Status: Image is up to date for docker:20.10-dind
/ # apk update
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/main/x86_64/APKINDEX.tar.gz
fetch https://dl-cdn.alpinelinux.org/alpine/v3.17/community/x86_64/APKINDEX.tar.gz
v3.17.2-237-gdc3ac407b9a [https://dl-cdn.alpinelinux.org/alpine/v3.17/main]
v3.17.2-234-g16d676e6f32 [https://dl-cdn.alpinelinux.org/alpine/v3.17/community]
OK: 17817 distinct packages available
/ # apk list --upgradeable
/ #
Ah, sorry, that is our fault, we weren't aware that the image gets updated after the release. Tested it and the vuln is fixed. Thanks for your help. I will close the ticket now.
Hi there,
We are currently using docker:20.10.23-dind in our product at the moment. However, we got notified by Snyk Container that this image contains vulnerabilities with the following dependency paths:
And we notice docker:23.0.0-dind still contains the vulns, but docker:23.0.1-dind already got it fixed.
Having said that, I believe upgrading from 20.10.23 to 23.0.0 is a major version upgrade and it contains breaking changes, from reading the release notes. And the effort for us to upgrade to 23.0.0 would be quite big, and we want some of the known issues to get resolved before we migrate to 23.0.
So I was wondering if it is possible for the Docker team to backport the fix for the vulns to docker:20.10 so it gets the security patches for those of us that can't upgrade to the latest Docker version yet?
Thanks in advance and looking forward to your reply.
Leo Liang