CVE-2022-21499 on latest

docker-library / openjdk

Docker Official Image packaging for EA builds of OpenJDK from Oracle

http://openjdk.java.net

MIT License

1.14k stars 471 forks source link

CVE-2022-21499 on latest #497

Closed mcodev31 closed 2 years ago

mcodev31 commented 2 years ago

docker.io/library/openjdk:latest seems to be vulnerable to CVE-2022-21499 (anyone can e.g. pretend to be google)

bash-4.4# java --version
openjdk 17.0.2 2022-01-18
OpenJDK Runtime Environment (build 17.0.2+8-86)
OpenJDK 64-Bit Server VM (build 17.0.2+8-86, mixed mode, sharing)

tianon commented 2 years ago

Unfortunately, openjdk:latest is no longer maintained; see #495.