phusion / passenger-docker

Docker base images for Ruby, Python, Node.js and Meteor web apps
MIT License

Security Scans on Container #350

Closed aedryan closed 4 months ago

aedryan commented 1 year ago

Hello, I have attempted using this container and after running it through a security scanner there were several vulnerabilities found because I believe the last base image it builds from is on an older version of Ubuntu 20.04, some example vulnerabilities found by the scanner are below.

There were other vulnerabilities of lower importance but almost all of these are fixed in newer releases of 20.04 and those that aren't seem to be planned to be fixed. I noticed the latest master tag for the base image was published 9 months ago while a few non-master tags were pushed for specific versions. I would like to make use of the images generated from this project without generating my own so much however I realize that is a possibility. What sort of release schedule is there for the images hosted under the phusion path on docker hub and can we expect patches for these and other future vulnerabilities regularly?

CamJN commented 1 year ago

There is no specific schedule for releases, and with the addition of ARM images pushing the build time to 10+ hours I can't say with a straight face that I'm going to speed up the releases I do make. Luckily, it's really easy to build the image yourself, just slow if you want to cross compile.

CamJN commented 1 year ago

Also would this perhaps be better addressed upstream in the baseimage repo?

samip5 commented 1 year ago

> Also would this perhaps be better addressed upstream in the baseimage repo?

The issue is not with the baseimage, as there are newer images. Just the master tag used here is obsolete and as such not used anymore.

ajhodgson commented 7 months ago

This was addressed in https://github.com/phusion/passenger-docker/pull/376, at least upgrading the OS.

You still need to upgrade OS packages yourself regularly if you use this image.
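As an added illustration of the point above (this is not code from the passenger-docker project or from any commenter), the Dockerfile below starts from a pinned passenger-docker tag and applies the Ubuntu package upgrades at build time, so that fixes Ubuntu has already published reach the image even when the upstream tag has not been rebuilt. The image name `phusion/passenger-full` and the tag value are assumptions; substitute the image variant and the tag you actually deploy.

```dockerfile
# Added example, not from the passenger-docker project. The tag is a placeholder;
# pin it to the release you have scanned and approved.
ARG PASSENGER_TAG=REPLACE_WITH_PINNED_TAG
FROM phusion/passenger-full:${PASSENGER_TAG}

# Refresh the package index and apply every pending upgrade. --force-confold keeps
# the base image's existing configuration files instead of replacing them, and the
# cleanup step keeps the apt cache out of the final layer.
RUN apt-get update \
 && apt-get upgrade -y -o Dpkg::Options::="--force-confold" \
 && apt-get clean \
 && rm -rf /var/lib/apt/lists/*

# Application layers go here; each rebuild of this image picks up whatever
# package fixes Ubuntu has released since the last build.
```

Because the upgrade happens at build time, the image only stays current if it is rebuilt on a schedule (for example a nightly or weekly CI job with `--no-cache` so the `apt-get` layer is not reused) and rescanned after each rebuild; rebuilding once and then pulling the same image for months reproduces the situation described in this issue.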