Upgrade UBI images to 8.4

[leochr]

We have seen a few security vulnerability reports against the UBI 8.3 distribution that IBM Java uses (i.e. https://github.com/ibmruntimes/ci.docker/blob/master/ibmjava/8/jre/ubi/Dockerfile). The version 8.4 will be available soon (possibly May 12th - https://catalog.redhat.com/software/containers/ubi8/ubi/5c359854d70cc534b3a3784e), so this issue is to request that the images are upgraded to use UBI 8.4. Thank you.

[leochr]

fyi @davemula @dinogun @jayasg12

[jayasg12]

Hi @leochr I see the latest version available in Redhat repo is 8.3 (https://catalog.redhat.com/software/containers/ubi8/ubi/5c359854d70cc534b3a3784e). Next IBM java image will be built by picking up latest available base image for 8.3 , please verify with next IBM Java UBI image which will be published sometime next week with 80sr6fp30 release .

[leochr]

@jayasg12 UBI 8.4 images are now available (from the above link). Thanks.

[jayasg12]

Hi @leochr Was there any specific reason why the fix for vulnerability is not provided for ubi:8.3 version. And also like to know how frequently we should be upgrading the ubi version . So it will be helpful for us to plan the upgrade. Thanks !!

[leochr]

@jayasg12 RHEL Life cycle and support is documented here: https://access.redhat.com/support/policy/updates/errata#RHEL8_Life_Cycle

8.3 was a minor version. 8.x versions are released twice a year, usually in May and November.

[leochr]

@jayasg12 Checking to see when we can expect the Java images to be updated to use UBI 8.4? Several customers have expressed concerns over the vulnerabilities in UBI 8.3. Thank you.

[jayasg12]

Hi @leochr IBM Java ubi:8.4 docker images are published in redhat repository. You can pick the latest available images from catalog. Thank You !!

[leochr]

@jayasg12 Thank you!