Hello Team,

Our team relies on the official Flink Docker image<https://github.com/apache/flink-docker> for the data stream processing applications. Recently, our InfoSec team identified a significant number of security vulnerabilities in the current base image. These vulnerabilities originate from the OS packages used in Ubuntu Jammy (v22) and pose a security risk to our deployments. For example, we've noted the following CVEs:

* CVE-2022-41409<https://nvd.nist.gov/vuln/detail/CVE-2022-41409>
* CVE-2022-4899<https://nvd.nist.gov/vuln/detail/CVE-2022-4899>
* CVE-2023-4039<https://nvd.nist.gov/vuln/detail/CVE-2023-4039>
* CVE-2023-52452<https://nvd.nist.gov/vuln/detail/CVE-2023-52452>
* CVE-2024-26699<https://nvd.nist.gov/vuln/detail/CVE-2024-26699>
* CVE-2023-6610<https://nvd.nist.gov/vuln/detail/CVE-2023-6610>

The recommended fix for these issues is to update to the versions available in Ubuntu Noble (v24). Consequently, to continue using the official Docker image securely, we need its base OS to be updated to Ubuntu Noble (v24).

We noticed an open pull request<https://github.com/apache/flink-docker/pull/229> from a community member that addresses this OS update. At the same time, we have created a related JIRA ticket, FLINK-38419<https://issues.apache.org/jira/browse/FLINK-38419>, to track the request.

We would greatly appreciate it if the community could provide guidance on the next steps for this PR or consider prioritizing a direct update of the official image. We are happy to assist where possible.

Best regards,
Rahul Pandey
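The message above asks for the image's base OS to move from Ubuntu Jammy to Noble. A team in that position usually wants a gate in its own pipeline that refuses an image whose base release is still the old one, so a regression is caught before deployment. The script below is an added example and is not part of the mailing-list thread or of the apache/flink-docker project; it reads the container's `/etc/os-release`, checks `VERSION_CODENAME` against an allow list, and fails otherwise. The `image_os_release` helper assumes `docker` is installed and the image exists locally; the two `*_SAMPLE` strings are constructed inputs that imitate Jammy and Noble so the check can be exercised offline.

```shell
#!/usr/bin/env sh
# Added example (not from the thread or the flink-docker project): gate a Flink image on its base OS release.

# check_os_release ALLOWED
#   Reads os-release text on stdin and returns 0 if VERSION_CODENAME is one of the
#   space-separated names in ALLOWED, 1 if it is a different release, 2 if no codename is present.
check_os_release() {
  allowed="$1"
  codename=$(sed -n 's/^VERSION_CODENAME=//p' | tr -d '"')
  if [ -z "$codename" ]; then
    echo "check_os_release: no VERSION_CODENAME in os-release" >&2
    return 2
  fi
  for ok in $allowed; do
    if [ "$codename" = "$ok" ]; then
      echo "base OS '$codename' is in the allow list"
      return 0
    fi
  done
  echo "base OS '$codename' is NOT in the allow list ($allowed)" >&2
  return 1
}

# image_os_release IMAGE
#   Prints the image's /etc/os-release. Assumption: docker is available and IMAGE can be run locally.
image_os_release() {
  docker run --rm --entrypoint cat "$1" /etc/os-release
}

# Constructed sample inputs that imitate the two Ubuntu releases named in the message.
JAMMY_SAMPLE='PRETTY_NAME="Ubuntu 22.04 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION_CODENAME=jammy'
NOBLE_SAMPLE='PRETTY_NAME="Ubuntu 24.04 LTS"
NAME="Ubuntu"
VERSION_ID="24.04"
VERSION_CODENAME=noble'

# Usage against a real image (requires docker; IMAGE name is a placeholder):
#   image_os_release IMAGE | check_os_release "noble" || exit 1
```

Wiring `image_os_release IMAGE | check_os_release "noble"` into a CI step turns the request in the message into an enforceable policy: the build fails the moment the official image, or any internal derivative of it, is still built on Jammy. The allow list is a string so that a transition period can accept more than one release ("noble jammy") and then be tightened.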
