style95 commented on issue #4430: [WIP] Update docker client version to 18.09.4 URL: https://github.com/apache/incubator-openwhisk/pull/4430#issuecomment-482477800 I have discussed this issue with @sven-lange-last. Let me share the results here. 1. Generally, it takes some times to upgrade docker version for many reasons. So it would require some time for downstream to use the latest docker version in their production. 2. But at the same time CVE should be properly handled. This CVE, https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5736 requires docker >=18.06.2 So if we upgrade the docker version to 18.06.x rather than 18.09, it would give more time to downstream at the same time resolve the CVE.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
