This is an automated email from the ASF dual-hosted git repository.
eolivelli pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/zookeeper.git
The following commit(s) were added to refs/heads/master by this push:
new e2bc3dd16 ZOOKEEPER-4616: Upgrade docker image to resolve CVEs
e2bc3dd16 is described below
commit e2bc3dd1618405a67e9b412f8ef67eb84141eb76
Author: chenhang <[email protected]>
AuthorDate: Thu Sep 29 16:36:01 2022 +0200
ZOOKEEPER-4616: Upgrade docker image to resolve CVEs
The current docker image `maven:3.6.3-jdk-8` has many critical security
issues.
maven3.6.3-jdk-8 › dpkg1.19.7 has
[CVE-2022-1664](https://www.cve.org/CVERecord?id=CVE-2022-1664)
maven3.6.3-jdk-8 › openssl1.1.1d-0+deb10u6 has
[CVE-2021-3711](https://www.cve.org/CVERecord?id=CVE-2021-3711)
maven3.6.3-jdk-8 › gzip1.9-3 has
[CVE-2022-1271](https://www.cve.org/CVERecord?id=CVE-2022-1271)
We need to upgrade the docker base image to version `maven:3.8.4-jdk-8`
See [ZOOKEEPER-4616](https://issues.apache.org/jira/browse/ZOOKEEPER-4616)
for full details.
Author: chenhang <[email protected]>
Reviewers: Enrico Olivelli <[email protected]>
Closes #1927 from hangc0276/chenhang/ZOOKEEPER-4616
---
dev/docker/Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev/docker/Dockerfile b/dev/docker/Dockerfile
index bd2977f74..a1b33569e 100644
--- a/dev/docker/Dockerfile
+++ b/dev/docker/Dockerfile
@@ -17,7 +17,7 @@
# under the License.
#
-FROM maven:3.6.3-jdk-8
+FROM maven:3.8.4-jdk-8
RUN apt-get update
RUN apt-get install -y \
