Uploaded image for project: 'FOLIO'
  1. FOLIO
  2. FOLIO-1722

Update FOLIO Docker image: Alpine 3.10, openjdk-jre-base 8.222, agent-bond 1.2.0.

    XMLWordPrintable

Details

    • 2
    • Core: Platform

    Description

      The Alpine base FOLIO Docker image uses Alpine 3.5: https://github.com/folio-org/folio-tools/blob/76aa61f/folio-java-docker/openjdk8/Dockerfile.openjdk8-jre-alpine

      Alpine 3.5 is out of support since 2018-11-01, no security updates:
      https://wiki.alpinelinux.org/wiki/Alpine_Linux:Releases

      Alpine 3.5 uses linux-vanilla 4.4.59-r1 that has more than 150 known security vulnerabilities: https://www.cvedetails.com/version/221677/Linux-Linux-Kernel-4.4.59.html

      Alpine 3.5 uses openjdk8 8.191 that has more than 25 security vulnerabilities: https://pkgs.alpinelinux.org/packages?name=openjdk8&branch=v3.5 https://openjdk.java.net/groups/vulnerability/advisories/2019-10-15 https://openjdk.java.net/groups/vulnerability/advisories/2019-07-16 https://openjdk.java.net/groups/vulnerability/advisories/2019-04-16

      Alpine 3.5 uses curl 7.61.1 that has 10 known security vulnerabilities: https://curl.haxx.se/docs/vuln-7.61.1.html

      Alpine 3.5 uses busybox 1.25.1. that has 2 known security vulnerabilities: https://www.cvedetails.com/version/257068/Busybox-Busybox-1.25.1.html

      Using the fabric8 image as a base will automatically update Alpine,
      openjdk and agent-bond.

      TestRail: Results

        Attachments

          Issue Links

            blocks

            Task - A task that needs to be done. FOLIO-1544 switch to Alpine to shrink docker containers

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed
            is blocked by

            Task - A task that needs to be done. FOLIO-1724 Test updated alpine base FOLIO Docker image

            • P2 - normal priority level, must be included in the current development cycle
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. FOLIO-2367 Remove openjdk8-jre-alpine

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Task - A task that needs to be done. FOLIO-1941 SPIKE: Revisit approach to the FOLIO base Docker image

            • P2 - normal priority level, must be included in the current development cycle
            • Closed

            New Feature - New feature requests UXPROD-1821 3rd party dependency upgrades (Q4 2019)

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Task - A task that needs to be done. UXPROD-2214 3rd party dependency upgrades (Q1 2020)

            • P3 - low priority level, item will be considered for inclusion in the next dev cycle
            • Closed

            Activity

              People

                julianladisch Julian Ladisch
                julianladisch Julian Ladisch
                John Malconian John Malconian
                Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:

                  TestRail: Runs

                    TestRail: Cases