[EDGCOURSES-3] apk upgrade fixing security vulnerabilities in Dockerfile Created: 21/Sep/23  Updated: 13/Oct/23

Status: Open
Project: edge-courses
Components: None
Affects versions: None
Fix versions: v1.3.0

Type: Bug Priority: P3
Reporter: Julian Ladisch Assignee: Radhakrishnan Gopalakrishnan
Resolution: Unresolved Votes: 0
Labels: security, security-reviewed
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint:
Development Team: Other dev
RCA Group: Related dependency upgrade

 Description   

https://github.com/folio-org/folio-tools/tree/master/folio-java-docker/openjdk17#sample-module-dockerfile suggests:

Install latest patch versions of packages: https://pythonspeed.com/articles/security-updates-in-docker/

If not running apk upgrade in Dockerfile, edge-courses may ship with vulnerable Alpine packages even when fixed packages are available.
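
Added example, not part of the ticket or of the edge-courses code: a Python check that a Dockerfile's final build stage runs apk upgrade, usable as a CI gate. It goes slightly beyond the ticket by handling multi-stage builds, where an upgrade in an earlier stage does not reach the shipped image; the sample Dockerfiles, image names and the function names are constructed for illustration.

```python
import re

# `apk upgrade`, allowing global options before the subcommand (apk --no-cache upgrade).
# `apk add --upgrade pkg` is deliberately not matched: it does not upgrade the base image.
APK_UPGRADE = re.compile(r"\bapk\s+(?:-\S+\s+)*upgrade\b")

def instructions(text):
    """Return [(KEYWORD, args)] with backslash-continued lines joined."""
    out, logical = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments, also inside a continued RUN
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        keyword, _, args = (logical + line).partition(" ")
        out.append((keyword.upper(), args.strip()))
        logical = ""
    return out

def final_stage_runs_apk_upgrade(text):
    """True if the last stage (the image that ships) has a shell-form RUN with apk upgrade."""
    upgraded = False
    for keyword, args in instructions(text):
        if keyword == "FROM":
            upgraded = False  # new stage starts from its base image's package set
        elif keyword == "RUN" and APK_UPGRADE.search(args):
            upgraded = True
    return upgraded

# Constructed sample Dockerfiles; image names and paths are placeholders.
MISSING = """\
FROM example/alpine-jre:17
COPY target/app.jar /app/app.jar
"""
PATCHED = """\
FROM example/alpine-jre:17
# Install latest patch versions of packages
USER root
RUN apk upgrade \\
    --no-cache
USER app
"""
BUILDER_ONLY = """\
FROM example/alpine-build:17 AS build
RUN apk upgrade --no-cache && ./build.sh
FROM example/alpine-jre:17
COPY --from=build /out/app.jar /app/app.jar
"""

if __name__ == "__main__":
    for name in ("MISSING", "PATCHED", "BUILDER_ONLY"):
        print(name, final_stage_runs_apk_upgrade(globals()[name]))
```

The check only recognises shell-form RUN instructions; exec-form (`RUN ["apk", "upgrade"]`) would need separate handling.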



 Comments   
Comment by Ann-Marie Breaux (Inactive) [ 25/Sep/23 ]

Hi Khalilah Gambrell and Radhakrishnan Gopalakrishnan, it looks like there's no dev team assigned to this module. How would you like to handle the bug?

Comment by Craig McNally [ 28/Sep/23 ]

Radhakrishnan Gopalakrishnan, the security team wanted to make sure this was on your radar. Let us know if you have any questions. Thanks

Generated at Thu Feb 08 22:32:36 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.