search

nodejs / docker-node

Official Docker Image for Node.js :whale: :turtle: :rocket:
https://hub.docker.com/_/node/
MIT License
8.13k stars 1.95k forks source link

Node 16-alpine3.18 has an openssl vulnerability and needs to upgrade to 16-alpine3.18 #2102

Closed magestican closed 2 weeks ago

magestican commented 2 weeks ago

Problem

Hi there team, I am in charge of maintaining some old node16 applications and the security team has reported an issue with alpine3.18 as it has known openssl vulnerabilities, as well as busybox memory leak issues.

Screen Shot 2024-06-11 at 11 17 43 am

Solution

Could someone please publish a new version of node aline 16 ? 16-alpine3.20 has all the vulnerabilities fixed, that way I can keep the servers running for my applications.

Alternatives to Consider

Open to any alternative solutions

nschonni commented 2 weeks ago

Node 16 has been EOL for some time https://github.com/nodejs/Release/?tab=readme-ov-file#end-of-life-releases. No patching or support is given to EOL branches