Fix Docker images vulnerabilities in server base image #942
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Latest fixes for two newer vulnerabilities - urllib3, libc6. - urllib3 - Previous commit contains fixes by removing stale package versions. However, vulnerability still exists which is unusual since locally run docker image doesn't contain vulnerable file path. Possibly, next commit resolves this by using latest image. - libc6 - No remediation available when vulnerability was just found. Remediation is provided now which suggests upgrading all installed packages in base ubuntu image.
shankari
requested changes
Oct 20, 2023
Comment on lines
+19
to
+20
| RUN apt-get -y -qq update && apt-get -y -qq upgrade | ||
|
|
There was a problem hiding this comment.
@MukuFlash03 is there a reason why this is not actually just a upgrade of the base image either?
FROM ubuntu:jammy
again, you want to avoid blanket updates in the dockerfile
There was a problem hiding this comment.
I am merging this for now to fix the security vulnerabilities, but I would like to see some discussion around this.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Latest fixes for two newer vulnerabilities - urllib3, libc6.
urllib3 - Previous commit contains fixes by removing stale package versions. However, vulnerability still exists which is unusual since locally run docker image doesn't contain vulnerable file path. Possibly, next commit resolves this by using latest image.
libc6 - No remediation available when vulnerability was just found. Remediation is provided now which suggests upgrading all installed packages in base ubuntu image.