[
https://issues.apache.org/jira/browse/SOLR-16523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17635556#comment-17635556
]
Ritchie Gu commented on SOLR-16523:
-----------------------------------
Thanks [~janhoy]
The reason I'm wondering if we can remove `gosu` from our installation is that
we have to be in federal compliance. Their initial scan identified lots of
golang-related CVEs from this image (we pull it straight from Solr Docker Hub).
I'd like to make a pull request for you guys to remove it. Should I just do it
directly in GitHub, or is there any process I will need to follow?
> gosu binary version
> -------------------
>
> Key: SOLR-16523
> URL: https://issues.apache.org/jira/browse/SOLR-16523
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Docker
> Affects Versions: 8.11.2
> Reporter: Ritchie Gu
> Priority: Major
>
> I noticed that as part of the process, it's installing gosu and a few other
> packages:
> [https://github.com/apache/solr-docker/blob/main/8.11-slim/Dockerfile#L20]
> The version of gosu that gets installed is a bit old. Do you have any plan
> to install a newer version of gosu?