[jira] [Created] (ZOOKEEPER-4616) Upgrade docker image to resolve CVEs

[hang chen (Jira)]

hang chen created ZOOKEEPER-4616:
------------------------------------

             Summary: Upgrade docker image to resolve CVEs
                 Key: ZOOKEEPER-4616
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4616
             Project: ZooKeeper
          Issue Type: Improvement
            Reporter: hang chen


The current docker image `maven:3.6.3-jdk-8` has many critical security issues.

maven@3.6.3-jdk-8 › dpkg@1.19.7 has 
[CVE-2022-1664|https://www.cve.org/CVERecord?id=CVE-2022-1664]

maven@3.6.3-jdk-8 › openssl@1.1.1d-0+deb10u6 has 
[CVE-2021-3711|https://www.cve.org/CVERecord?id=CVE-2021-3711]

maven@3.6.3-jdk-8 › gzip@1.9-3 has 
[CVE-2022-1271|https://www.cve.org/CVERecord?id=CVE-2022-1271]

 

We need to upgrade the docker base image to version `maven:3.8.4-jdk-8`



--
This message was sent by Atlassian Jira
(v8.20.10#820010)