makuk66 / docker-solr

Solr on Docker

Solr image has Medium and High CVEs #17

Closed subsahu123 closed 6 years ago

subsahu123 commented 6 years ago

Hi, we are using the official solr:6.5 image for our project and ran clair-scanner_linux_amd64 to scan for vulnerabilities, and found about 90 total vulnerabilities, with several medium and high. Examples: CVE-2017-12424, CVE-2017-10989, CVE-2017-14062, etc.

Wanted to check if these have been patched (I ran the scanner on the later solr:7.2 and found the same number of vulnerabilities) or what would be the correct approach to patch these vulnerabilities.

Regards, Subhankar

makuk66 commented 6 years ago

Hi Subhankar

Please file issues for Solr in https://github.com/docker-solr/docker-solr, not in this repository.

The way the docker-solr image is put together is that we take the official Docker Java image, add Solr, and a few scripts. So if security vulnerabilities exist in the Java image (or, more likely, in the buildpack that it is based on), report them at the Docker library, although in all probability they are at the mercy of their upstream distribution providers too. If there are issues in Solr, report them at the Solr project. If there is a security problem with the packaging provided by docker-solr, then file a GitHub issue on https://github.com/docker-solr/docker-solr.

None of the three examples you provided have anything to do with Solr or the docker-solr packaging, and are outside our control.

makuk66 commented 6 years ago

Which I see you already did, https://github.com/docker-solr/docker-solr/issues/171