TheSinding closed 2 years ago
@VerscheldeAlynne Yeah, and as I might agree with some of that - having an image 3 years old and with the introduction of the new Log4J CVE, it might be worth considering updating the image, don't you think?
For clarification, log4j is not a dependency of the project.
But it is in the Tomcat image, or am I wrong? CVE
I've just noticed the Alpine Dockerfile uses a Tomcat image from 3 years ago. A Snyk analysis says there are 87 security flaws and 17 are high risk (source).
Is it easily updatable?