Looks like base image for 8.x could be updated from 11-jre-focal to noble or something current.
But Solr 8 was discontinued almost a year ago, so the best thing to do is probably to remove 8 from list of supported docker images not to leave an impression that it is by any means secure or supported. WRT the 9.9 image it is indeed updated but we have a convervative approach with upgrading Ubuntu base image, which may lead to some Linux packages staying on older versions. CVE count from Ubuntu will never be zero. Jan Høydahl > 4. sep. 2025 kl. 13:39 skrev Ad Loos <a.l...@netmatch.nl>: > > I have the same request for the solr 9 docker images. > They seem to have quite a lot of sucurity issues, > It seems like the base image is not up to date. > > Is it possible to update the images with the most recent security updates? > > > > ________________________________ > Van: Chris Adams <ch...@improbable.org> > Verzonden: vrijdag 15 augustus 2025 20:40 > Aan: users@solr.apache.org <users@solr.apache.org> > Onderwerp: Base image update for official Docker containers > > We’re still using Solr 8 while we work around some of the removed auto > scaling features in Solr 9 and a recent security scanned raised a concern for > the 8.x containers. Those are based on Ubuntu 20.04 (via > eclipse-temurin:11-jre-focal) which is now in extended support where security > updates are only available to paying customers. > > It feels like the 8.11.4 images should either be updated or discontinued > before a more critical vulnerability is announced. Is there any interest in > updating it? > > Chris
