rocker-org / rocker

R configurations for Docker
https://rocker-project.org
GNU General Public License v2.0

Potential high vulnerability in r-base:4.3.1 #548

Closed project-defiant closed 4 months ago

project-defiant commented 4 months ago

Hello, team,

I was lately looking over the R images for 4.3.1 in the repo and have found an issue with the base docker image used to build r-base:4.3.1, discovered by Docker Scout - https://scout.docker.com/vulnerabilities/id/CVE-2023-45853?s=debian&n=zlib&ns=debian&t=deb&osn=debian&osv=unstable&vr=%3C1%3A1.3.dfsg-2&utm_source=hub&utm_medium=ExternalLink

Is there any chance that the r-base image will be bumped to omit this vulnerability?

Keep up the great work!

eddelbuettel commented 4 months ago

Thanks for the note. I am sure you already realized you also have 4.3.2 and 4.3.3 at your disposal. We tend to not rewrite history: immutable images remain immutable.

project-defiant commented 4 months ago

Ahh, right, I was looking specifically for 4.3.1. Thanks for reminding me about newer patches!

cboettig commented 4 months ago

@project-defiant note that there is also the "versioned stack" in rocker, e.g. rocker/r-ver:4.3.1, which exists for this purpose: https://hub.docker.com/layers/rocker/r-ver/4.3.1/images/sha256-4968bb94b4ae540bf2e0cb7730d9c85ff0302073d5347a9f23cead2daef42e86?context=explore.

(Note that the versioned stack builds with the corresponding versions of R packages which were present at the time, but builds on Ubuntu LTS releases, which continue to receive security patches.)
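As an added example (not code from this thread or from the rocker project): a Python check that applies the threshold from the Docker Scout link in the issue, Debian zlib below 1:1.3.dfsg-2, to a package listing taken out of an image with `docker run --rm <image> dpkg-query -W -f '${Package} ${Version}\n'`. The listing below is constructed, and Debian version ordering is reimplemented here so the check runs without dpkg installed.

```python
import re
from itertools import zip_longest

# Threshold from the Docker Scout link in the issue: Debian zlib versions below 1:1.3.dfsg-2 are flagged
FIXED_ZLIB = "1:1.3.dfsg-2"

# Constructed sample of `dpkg-query -W -f '${Package} ${Version}\n'` output captured from an image
SAMPLE_LISTING = """zlib1g 1:1.2.13.dfsg-1
libc6 2.37-12
zlib1g-dev 1:1.3.dfsg-2
"""

def _order(c):
    # dpkg character weight: '~' sorts before anything (even end of string), letters before other symbols
    if c == "~":
        return -1
    return 0 if not c or c.isdigit() else ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a, b):
    # Compare alternating non-digit/digit runs as dpkg does; a missing run counts as empty / zero
    pairs = zip_longest(re.findall(r"(\D*)(\d*)", a), re.findall(r"(\D*)(\d*)", b), fillvalue=("", ""))
    for (sa, na), (sb, nb) in pairs:
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _order(ca) != _order(cb):
                return _order(ca) - _order(cb)
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def _split(version):
    # Debian version = [epoch:]upstream[-debian_revision]; epoch defaults to 0, revision to ""
    epoch, sep, rest = version.partition(":")
    epoch, rest = (epoch, rest) if sep else ("0", version)
    upstream, sep, revision = rest.rpartition("-")  # no sep -> ("", "", rest)
    return int(epoch), (upstream if sep else revision), (revision if sep else "")

def compare_versions(a, b):
    # <0, 0 or >0 for a lt/eq/gt b, matching `dpkg --compare-versions`
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    return (ea - eb) or _verrevcmp(ua, ub) or _verrevcmp(ra, rb)

def vulnerable_zlib(listing, fixed=FIXED_ZLIB):
    # Return [(package, version)] for zlib1g* packages in the listing that are still below the fixed version
    hits = []
    for line in listing.splitlines():
        pkg, _, ver = line.partition(" ")
        if pkg.startswith("zlib1g") and ver and compare_versions(ver, fixed) < 0:
            hits.append((pkg, ver))
    return hits
```

The same comparison can be pointed at any image tag, which is how one would confirm that a newer r-base tag or the versioned rocker/r-ver image actually carries a patched package rather than relying on the tag name alone.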