Closed Brucexie11 closed 2 years ago
openjdk:latest (aka openjdk:17.0.2-jdk-oraclelinux8) is based on Oracle Linux 8 (slim). Those were updated just a couple days ago with https://github.com/docker-library/official-images/pull/12108 and so all official-images from them were rebuilt very recently. I've pulled the image fresh and there are not any packages to be updated even though the gnutls version appears to be the older version:
docker run -it --rm openjdk:latest bash
bash-4.4# rpm -qa | grep gnutls
gnutls-3.6.16-4.el8.x86_64
bash-4.4# microdnf upgrade -y
Downloading metadata...
Downloading metadata...
Nothing to do.
bash-4.4#
yosifkit,
Do we have a plan to fix it?
Thanks,
Bruce
With no package updates available, there's nothing we can do about this -- any update on this will come from Oracle.
Hi, we are using base image openjdk:latest. Our Grype scan indicated the following vulnerability issue. May I ask when the new version of openjdk will be released to fix this issue? Or is there a workaround? Thanks, Bruce Xie
FROM public.ecr.aws/docker/library/openjdk:latest
Start scanning for image '87f2536d62e372f33b656f2c2f44482ba99e96b1:latest'
NAME    INSTALLED      FIXED-IN                  VULNERABILITY   SEVERITY
gnutls  3.6.16-4.el8   10:3.6.16-4.0.1.el8_fips  ELSA-2022-9221  Medium
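The scan row above sets an installed version with no epoch against a FIXED-IN value that carries epoch 10. As an added example (not part of the thread and not Grype's own code), the following applies RPM's epoch:version-release ordering to those two strings when triaging the finding; the function names are hypothetical and the third input is a constructed sample.

```python
import re

INSTALLED = "3.6.16-4.el8"             # from the rpm -qa output in the thread
FIXED_IN = "10:3.6.16-4.0.1.el8_fips"  # from the Grype row in the thread

def rpmvercmp(a: str, b: str) -> int:
    """Compare two version or release strings segment by segment, RPM-style.
    Caret (^) handling is omitted; neither string in the thread uses it."""
    while a or b:
        # Separators (anything but letters, digits, ~) only delimit segments.
        a = re.sub(r"^[^A-Za-z0-9~]+", "", a)
        b = re.sub(r"^[^A-Za-z0-9~]+", "", b)
        if a.startswith("~") or b.startswith("~"):
            # A tilde sorts before everything, including end of string.
            if not a.startswith("~"):
                return 1
            if not b.startswith("~"):
                return -1
            a, b = a[1:], b[1:]
            continue
        if not a or not b:
            break
        numeric = a[0] in "0123456789"
        pattern = r"[0-9]+" if numeric else r"[A-Za-z]+"
        seg_a = re.match(pattern, a).group()
        match_b = re.match(pattern, b)
        if match_b is None:
            # Mixed types: a numeric segment is newer than an alphabetic one.
            return 1 if numeric else -1
        seg_b = match_b.group()
        a, b = a[len(seg_a):], b[len(seg_b):]
        key_a, key_b = (int(seg_a), int(seg_b)) if numeric else (seg_a, seg_b)
        if key_a != key_b:
            return 1 if key_a > key_b else -1
    return (len(a) > 0) - (len(b) > 0)

def split_evr(evr: str):
    """Split [epoch:]version[-release]; a missing epoch counts as 0."""
    epoch, rest = evr.split(":", 1) if ":" in evr else ("0", evr)
    version, _, release = rest.partition("-")
    return int(epoch), version, release

def compare_evr(x: str, y: str) -> int:
    """Return -1, 0 or 1; the epoch decides before version and release."""
    (ex, vx, rx), (ey, vy, ry) = split_evr(x), split_evr(y)
    if ex != ey:
        return 1 if ex > ey else -1
    return rpmvercmp(vx, vy) or rpmvercmp(rx, ry)

if __name__ == "__main__":
    print(compare_evr(INSTALLED, FIXED_IN))      # installed vs fixed-in
    print(compare_evr("3.8.0-1.el8", FIXED_IN))  # constructed epoch-0 sample
```

Because the epoch is compared first, any package without an epoch sorts below the FIXED-IN value regardless of its version and release.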