[FOLIO-3500] Remove folio-java-docker workarounds for zlib Created: 12/May/22 Updated: 27/Jun/22 Resolved: 27/Jun/22 |
|
| Status: | Closed |
| Project: | FOLIO |
| Components: | None |
| Affects versions: | None |
| Fix versions: | None |
| Type: | Task | Priority: | P2 |
| Reporter: | David Crossley | Assignee: | David Crossley |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | security |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original estimate: | Not Specified |
| Issue links: |
|
| Sprint: | DevOps Sprint 142 |
| Development Team: | FOLIO DevOps |
| RCA Group: | TBD |
| Description |
|
With
As at 2022-05-12 that fix is still not in eclipse-temurin:11-jre-alpine or eclipse-temurin:17-jre-alpine. When it is available, then remove the workaround in the Dockerfile of both folio-tools/folio-java-docker/openjdk11 and folio-tools/folio-java-docker/openjdk17, |
| Comments |
| Comment by Julian Ladisch [ 24/Jun/22 ] |
|
I don't see "apk upgrade" as a workaround. To the contrary, this is a good security measure.

To foster caching of Docker layers the alpine and the temurin image don't use "apk upgrade" and therefore may contain outdated packages with bugs and security vulnerabilities. It's the responsibility of folioci/alpine-jre-openjdk* to run "apk upgrade".

Quote from https://snyk.io/blog/take-actions-to-improve-security-in-your-docker-images/ : "Any Docker image should be rebuilt regularly to prevent known vulnerabilities in your image that have already been solved."

Why "apk upgrade" is recommended now but wasn't recommended a few years ago:

https://pythonspeed.com/articles/security-updates-in-docker/

"What you want to do is to pin the base image version and just apt/apk update."

https://cloudberry.engineering/article/dockerfile-security-best-practices/#5-do-not-upgrade-your-system-packages |
| Comment by David Crossley [ 27/Jun/22 ] |
|
Ah, thanks, must have misunderstood the linked tickets
Closing this ticket, and opening
|
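The point in Julian Ladisch's comment, that an Alpine-based image built without "apk upgrade" can carry outdated packages, can be checked from the output of `apk version -l '<'`. The script below is an added example, not FOLIO project code; the function names are hypothetical, the sample lines and their version numbers are constructed, and it assumes the usual three-column `apk version` layout (installed package, comparison operator, available version).

```shell
#!/bin/sh
# Added example, not FOLIO project code: report packages that
# `apk version -l '<'` shows as older than the repository version.
# Feed it real output with something like (IMAGE is a placeholder):
#   docker run --rm --entrypoint apk IMAGE --no-cache version -l '<' | outdated_pkgs

# Constructed sample of `apk version -l '<'` output (versions are made up).
SAMPLE='Installed:                                Available:
busybox-1.0.0-r0                        < 1.0.1-r0
zlib-1.0.0-r0                           < 1.0.0-r1
ssl_client-1.0.0-r0                     < 1.0.1-r0'

# Read `apk version` output on stdin; print "<name> <installed> <available>"
# for every package whose installed version is older than the available one.
outdated_pkgs() {
    awk '$2 == "<" {
        full = $1
        name = full
        # Strip the trailing "-<version>-r<release>" to get the package name.
        sub(/-[0-9][^-]*-r[0-9]+$/, "", name)
        installed = substr(full, length(name) + 2)
        print name, installed, $3
    }'
}

# Read `apk version` output on stdin; succeed (0) when the package named
# in $1 is not listed as outdated, fail (1) when it still needs an upgrade.
pkg_is_current() {
    ! outdated_pkgs | awk -v p="$1" '$1 == p { found = 1 } END { exit !found }'
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | outdated_pkgs
if printf '%s\n' "$SAMPLE" | pkg_is_current zlib; then
    echo "zlib is current"
else
    echo "zlib still has a pending upgrade in this image"
fi
```

An image whose Dockerfile runs "apk upgrade" at build time should produce an empty list right after the build; a non-empty list later means the image is due for a rebuild.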