[
https://issues.apache.org/jira/browse/GUACAMOLE-563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16465198#comment-16465198
]
Nick Couchman commented on GUACAMOLE-563:
-----------------------------------------
Yes...the master branch has been updated and will be updated in the next
release, while the Docker Hub version is the latest release (0.9.14). It will
be updated when 1.0.0 is released.
> Tomcat Version is not the same at pushed image on the Docker Hub
> ----------------------------------------------------------------
>
> Key: GUACAMOLE-563
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-563
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-client
> Affects Versions: 0.9.14
> Environment: Docker Container
> Reporter: Kevin Schley
> Priority: Critical
> Labels: security-issue
>
> Currently the Dockerfile is not the same at Docker Hub and the Github Repo:
> [https://github.com/apache/guacamole-client/blob/fed51332952a23c5e9a5ddab38ded23f092299b8/Dockerfile#L27]
> ARG TOMCAT_VERSION=8.5
> The Docker Tag "latest" and "0.9.14" use an "Apache Tomcat/8.0.20"
> [https://hub.docker.com/r/guacamole/guacamole/|https://hub.docker.com/r/guacamole/guacamole/this]
> this version have a Lots of Security Vulnerabilities:
>
> [https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-887/version_id-190754/Apache-Tomcat-8.0.20.html]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
