[
https://issues.apache.org/jira/browse/SOLR-16523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17630416#comment-17630416
]
Ritchie Gu commented on SOLR-16523:
-----------------------------------
Hi [~janhoy] , our use case is very straightforward.
We pull the solr docker image from your official dockerhub, deploy it to
kubernetes cluster and use it as a solr exporter. The reason we started
noticing gosu was our security team told us that the solr image we are using
has lots of go related CVEs.
What do you think we remove it if it's not been used by solr?
> gosu binary version
> -------------------
>
> Key: SOLR-16523
> URL: https://issues.apache.org/jira/browse/SOLR-16523
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Docker
> Affects Versions: 8.11.2
> Reporter: Ritchie Gu
> Priority: Major
>
> I noticed that as part of the process, it's installing gosu and few other
> packages
> [https://github.com/apache/solr-docker/blob/main/8.11-slim/Dockerfile#L20,]
> The version of gosu gets installed is a bit of old, and do you have any plan
> to install newer version gosu in?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
