[
https://issues.apache.org/jira/browse/SOLR-16523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17641852#comment-17641852
]
Jan Høydahl commented on SOLR-16523:
------------------------------------
I propose to close this as "Not a problem". In my eyes, gosu brings a valid
capability to image users, and staying on the version supported by our chosen
distro brings simplicity and less maintenance to the Dockerfile.
As long as there is no real problem orexploitable vulnerability here, just
getting the warn-count lower for a Docker-image scanning tool is not very
helpful.
Please re-try opening a PR for jattach version in 8.11 image, no need for a
separate Jira for that I think.
> gosu binary version
> -------------------
>
> Key: SOLR-16523
> URL: https://issues.apache.org/jira/browse/SOLR-16523
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Components: Docker
> Affects Versions: 8.11.2
> Reporter: Ritchie Gu
> Priority: Major
>
> I noticed that as part of the process, it's installing gosu and few other
> packages
> [https://github.com/apache/solr-docker/blob/main/8.11-slim/Dockerfile#L20,]
> The version of gosu gets installed is a bit of old, and do you have any plan
> to install newer version gosu in?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
