Closed sushantac closed 3 years ago
Buster is still vulnerable and the Debian security team considers it a "minor issue"
Python 2.7 is in the image because of the buildpack-deps
base image
https://github.com/docker-library/openjdk/blob/34b09b2cbfa0edc7930818ea4ff070e3d42d5f89/11/jdk/buster/Dockerfile#L7
You can alternatively use openjdk:11-slim
or openjdk:11-oraclelinux8
which don't come with Python
During the vulnerability scanning of a Docker image, openjdk:11 got flagged for containing the following high vulnerability: https://security-tracker.debian.org/tracker/CVE-2021-3177