[ https://issues.apache.org/jira/browse/SOLR-16523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17641917#comment-17641917 ]
Jan Høydahl commented on SOLR-16523: ------------------------------------ I see that Ubuntu maintainers patched gosu this october to rebuild from golang 1.7 to 1.13: [http://changelogs.ubuntu.com/changelogs/pool/universe/g/gosu/gosu_1.10-1ubuntu0.20.04.2/changelog] Also, Ubuntu does their own CVE patching of [golang itself|https://packages.ubuntu.com/focal/golang-1.13], see [http://changelogs.ubuntu.com/changelogs/pool/main/g/golang-1.13/golang-1.13_1.13.8-1ubuntu1.1/changelog] - latest patch update of golang 1.13 was November 9th. Solr's docker images are eventually re-built to catch such fixes. > gosu binary version > ------------------- > > Key: SOLR-16523 > URL: https://issues.apache.org/jira/browse/SOLR-16523 > Project: Solr > Issue Type: Improvement > Security Level: Public(Default Security Level. Issues are Public) > Components: Docker > Affects Versions: 8.11.2 > Reporter: Ritchie Gu > Assignee: Jan Høydahl > Priority: Major > > I noticed that as part of the process, it's installing gosu and few other > packages > [https://github.com/apache/solr-docker/blob/main/8.11-slim/Dockerfile#L20,] > The version of gosu gets installed is a bit of old, and do you have any plan > to install newer version gosu in? -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org For additional commands, e-mail: issues-h...@solr.apache.org