[ https://issues.apache.org/jira/browse/GUACAMOLE-1229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17244756#comment-17244756 ]

Mike Jumper commented on GUACAMOLE-1229:
----------------------------------------

{quote}
it seems like the latest image on dockerhub is 5 months old so no fix for the 
latest CVE-2020-17527 is included.

Is there any chance we see a fix in the near future?
{quote}

Yes. It's looking like the issues within scope of 1.3.0 are wrapping up, and a 
1.3.0 release would mean new Docker images.

That said, an image rebuild would be sufficient to pick up any updates to 
ancestor images like the Tomcat image. If you need something sooner, I'd say 
just build the image yourself locally (the relevant Dockerfile is part of each 
git repository) or just deploy without Docker.

We build these images as part of the release process, but it's probably worth 
looking into automated image rebuilds. I'll keep this issue open as an anchor 
for that improvement to processes.

> Fix in Dockerhub for latest CVE-2020-17527
> ------------------------------------------
>
>                 Key: GUACAMOLE-1229
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1229
>             Project: Guacamole
>          Issue Type: Bug
>            Reporter: Jia Oneill
>            Priority: Major
>
> Hi,
>  
> it seems like the latest image on dockerhub is 5 months old so no fix for the 
> latest CVE-2020-17527 is included.
>  
> Is there any chance we see a fix in the near future?
>  
> Thanks!
>  
> regards



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
