Closed clarjon1 closed 1 year ago
heyo!
Latest docker image pulled through the offered `docker-compose.yml` has a tomcat 9.0.72 version installed instead of the advertised 10.1.
On a fresh VM that I just installed to test:
```
clarjon1@testvm ~/docker-test [19:54:23]
> $ systemctl start docker
clarjon1@testvm ~/docker-test [19:54:29]
> $ sudo docker-compose pull
[+] Running 15/15
 ⠿ drawio Pulled                    32.9s
   ⠿ b65bcf19d144 Pull complete      6.5s
   ⠿ 9e3e3d5d30a2 Pull complete      7.3s
   ⠿ b1afd9b3f07b Pull complete      8.7s
   ⠿ 24c021f0294c Pull complete      8.8s
   ⠿ 56c0466cd577 Pull complete      8.9s
   ⠿ 62f08ce71bec Pull complete      9.2s
   ⠿ d38409d4fe39 Pull complete      9.3s
   ⠿ 69660b09776f Pull complete      9.3s
   ⠿ c4586c62a4dc Pull complete     19.8s
   ⠿ f0df85af0940 Pull complete     22.0s
   ⠿ 5a8e4a6fcc26 Pull complete     23.7s
   ⠿ 0097375c0187 Pull complete     23.7s
   ⠿ 4f4fb700ef54 Pull complete     23.8s
   ⠿ 3784376000f1 Pull complete     26.5s
clarjon1@testvm ~/docker-test [19:55:03]
> $ sudo docker-compose up -d
[+] Running 2/2
 ⠿ Network docker-test_default  Created  0.0s
 ⠿ Container drawio             Started  0.4s
clarjon1@testvm ~/docker-test [19:55:10]
> $ docker ps
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": dial unix /var/run/docker.sock: connect: permission denied
clarjon1@testvm ~/docker-test [19:55:12]
> $ sudo docker ps
CONTAINER ID   IMAGE           COMMAND                  CREATED         STATUS                            PORTS                                                 NAMES
ffdf45117319   jgraph/drawio   "/docker-entrypoint.…"   4 seconds ago   Up 3 seconds (health: starting)   8443/tcp, 0.0.0.0:8082->8080/tcp, :::8082->8080/tcp   drawio
clarjon1@testvm ~/docker-test [19:55:14]
> $ sudo docker exec -it ffd /bin/sh
$ bin/version.sh
Using CATALINA_BASE:   /usr/local/tomcat
Using CATALINA_HOME:   /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME:        /opt/java/openjdk
Using CLASSPATH:       /usr/local/tomcat/bin/bootstrap.jar:/usr/local/tomcat/bin/tomcat-juli.jar
Using CATALINA_OPTS:
NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
Server version: Apache Tomcat/9.0.72
Server built:   Feb 18 2023 09:25:13 UTC
Server number:  9.0.72.0
OS Name:        Linux
OS Version:     6.2.1-zen1-1-zen
Architecture:   amd64
JVM Version:    11.0.18+10
JVM Vendor:     Eclipse Adoptium
```
Contents of my docker-compose.yml:
```yaml
#This compose file adds diagrams.net (ex draw.io) to your stack
version: '3.5'
services:
  drawio:
    image: jgraph/drawio
    container_name: drawio
    restart: unless-stopped
    ports:
      - 8082:8080
#      - 8443:8443
    environment:
      PUBLIC_DNS: domain
      ORGANISATION_UNIT: unit
      ORGANISATION: org
      CITY: city
      STATE: state
      COUNTRY_CODE: country
    healthcheck:
      test: ["CMD-SHELL", "curl -f http://domain:8080 || exit 1"]
      interval: 1m30s
      timeout: 10s
      retries: 5
      start_period: 10s
```
The docs are wrong, we've changed them. We do change the image base around depending on what Snyk recommends to be the least vulnerable image at the time.
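Because the base image under the `jgraph/drawio` tag can change between pulls, a deployment can check the Tomcat release line it actually received instead of relying on the documentation. The script below is an added example, not part of the issue or of the project's own tooling; the function names are hypothetical, the sample input is constructed from the `bin/version.sh` output quoted above, and the expected release line is whatever the operator chooses.

```shell
#!/bin/sh
# Constructed sample: the relevant lines of the bin/version.sh output quoted in this issue.
SAMPLE_OUTPUT='Using CATALINA_BASE:   /usr/local/tomcat
Server version: Apache Tomcat/9.0.72
Server built:   Feb 18 2023 09:25:13 UTC
Server number:  9.0.72.0
JVM Version:    11.0.18+10'

# Print the Tomcat version (e.g. 9.0.72) found in version.sh output on stdin.
tomcat_version() {
    sed -n 's|^Server version:[[:space:]]*Apache Tomcat/\([0-9][0-9.]*\).*$|\1|p' | head -n 1
}

# Return 0 if version $1 belongs to release line $2 (e.g. 10.1). Matching is on
# whole dot-separated components, so 10.10.0 is not accepted for line 10.1.
version_in_line() {
    case "$1" in
        "$2"|"$2".*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_tomcat EXPECTED_LINE, reading version.sh output on stdin.
# Exit status: 0 = match, 1 = mismatch, 2 = no version found in the input.
check_tomcat() {
    found=$(tomcat_version)
    if [ -z "$found" ]; then
        echo "no Tomcat version found in input" >&2
        return 2
    fi
    if version_in_line "$found" "$1"; then
        echo "OK: Tomcat $found is in the $1 line"
    else
        echo "MISMATCH: image ships Tomcat $found, expected $1.x" >&2
        return 1
    fi
}

# Demo on the constructed sample: the documented 10.1 line does not match.
printf '%s\n' "$SAMPLE_OUTPUT" | check_tomcat 10.1 || echo "exit status: $?"

# Against the running container from the compose file above (name "drawio"):
#   sudo docker exec drawio /usr/local/tomcat/bin/version.sh 2>&1 | check_tomcat 9.0
```

A non-zero exit status lets the check gate a deployment step or raise an alert when a fresh pull brings a different Tomcat line than expected.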