trinodb / charts


Vulnerabilities in Trino Docker images - 460, 461, 462, 463, 464 #249

Closed venkata2395 closed 3 weeks ago

venkata2395 commented 3 weeks ago

Hi Trino Maintainers,

We have observed that recent Trino Docker images contain several security vulnerabilities, as highlighted by security scans from tools like Azure Defender, trivy, etc. Given the critical nature of some of these vulnerabilities, they could pose risks in production-like environments.

  1. Is there an active effort to address these image vulnerabilities? If so, is there a timeline for releasing patched images?
  2. Are there any plans to adopt a regular security review process or release cadence to minimize vulnerabilities in future image releases?

Thank you for your hard work on Trino! Please let us know if the community can assist or provide feedback in addressing these issues.

nineinchnick commented 3 weeks ago

Report issues like this in the main Trino repository, where the image is actually built. Also, please list the vulnerabilities in question, together with affected components. If it comes from the base image I doubt we can do much.