Closed coreywal closed 4 years ago
The latest images should fix this
$ docker run --rm -it ibmjava java -version
java version "1.8.0_221"
Java(TM) SE Runtime Environment (build 8.0.5.41 - pxa6480sr5fp41-20190919_01(SR5 FP41))
IBM J9 VM (build 2.9, JRE 1.8.0 Linux amd64-64-Bit Compressed References 20190911_427071 (JIT enabled, AOT enabled)
OpenJ9 - d581d49
OMR - ca4db84
IBM - 5cfdf9c)
JCL - 20190918_01 based on Oracle jdk8u221-b11
The latest
ibmjava
JRE image (8-jre
) is vulnerable to CVE-2019-2816 as it still hasJAVA_VERSION 1.8.0_sr5fp37
. The vulnerability is fixed inJAVA_VERSION 1.8.0_sr5fp40
or higher.