[
https://issues.apache.org/jira/browse/SOLR-17755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18019002#comment-18019002
]
Jan Høydahl commented on SOLR-17755:
------------------------------------
If you want to help close some of the JIRAs you opened, please see
[https://lists.apache.org/thread/fkb9dgtybbjz4f5jzk6qb6ysh18bt5n5] how you can
contribute to upgrading various solr dependencies for the upcoming 10.0 or 9.10
releases. Some of those open JIRAs may even be closed following the merge of
several depency upgrades lately.
[https://github.com/apache/solr/issues?q=is%3Apr+is%3Aopen+author%3Asolrbot]
> Official Docker Images with a horrible number of security vulnerabilities
> -------------------------------------------------------------------------
>
> Key: SOLR-17755
> URL: https://issues.apache.org/jira/browse/SOLR-17755
> Project: Solr
> Issue Type: Bug
> Components: Docker
> Affects Versions: 9.8.1
> Reporter: Alexander Veit
> Priority: Major
> Fix For: main (10.0)
>
> Attachments: image-2025-05-07-19-43-18-313.png
>
>
> The official Solr container image adds 73 security vulnerabilities, four of
> them with critical, and 37 of them with high severity, to the base image.
> These vulnerabilities show up not only on DockerHub but also in corporate
> security scans. According to Docker Scout these vulnerabilities could be
> fixed, so they probably should be fixed.
> !image-2025-05-07-19-43-18-313.png!
> https://hub.docker.com/layers/library/solr/9.8.1/images/sha256-2b79aecf860291dc257460e934e275af9bb79fda1991a2c6072535d18a63f07a
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org
