Uploaded image for project: 'FOLIO'
  1. FOLIO
  2. FOLIO-1722

Update FOLIO Docker image: Alpine 3.10, openjdk-jre-base 8.222, agent-bond 1.2.0.

    XMLWordPrintable

    Details

    • Template:
    • Story Points:
      2
    • Development Team:
      Core: Platform

      Description

      The Alpine base FOLIO Docker image uses Alpine 3.5: https://github.com/folio-org/folio-tools/blob/76aa61f/folio-java-docker/openjdk8/Dockerfile.openjdk8-jre-alpine

      Alpine 3.5 is out of support since 2018-11-01, no security updates:
      https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases

      Alpine 3.5 uses linux-vanilla 4.4.59-r1 that has more than 150 known security vulnerabilities: https://www.cvedetails.com/version/221677/Linux-Linux-Kernel-4.4.59.html

      Alpine 3.5 uses openjdk8 8.191 that has more than 25 security vulnerabilities: https://pkgs.alpinelinux.org/packages?name=openjdk8&branch=v3.5 https://openjdk.java.net/groups/vulnerability/advisories/2019-10-15 https://openjdk.java.net/groups/vulnerability/advisories/2019-07-16 https://openjdk.java.net/groups/vulnerability/advisories/2019-04-16

      Alpine 3.5 uses curl 7.61.1 that has 10 known security vulnerabilities: https://curl.haxx.se/docs/vuln-7.61.1.html

      Alpine 3.5 uses busybox 1.25.1. that has 2 known security vulnerabilities: https://www.cvedetails.com/version/257068/Busybox-Busybox-1.25.1.html

      Using the fabric8 image as a base will automatically update Alpine,
      openjdk and agent-bond.

        TestRail: Results

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                julianladisch Julian Ladisch
                Reporter:
                julianladisch Julian Ladisch
                Tester Assignee:
                John Malconian John Malconian
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:

                    TestRail: Runs

                      TestRail: Cases