Derek Chen-Becker created FLINK-38419:
-----------------------------------------
Summary: Update official Flink docker images
Key: FLINK-38419
URL: https://issues.apache.org/jira/browse/FLINK-38419
Project: Flink
Issue Type: Improvement
Components: flink-docker
Reporter: Derek Chen-Becker
Our team relies on the official Flink Docker image for the data stream
processing applications. Recently, our InfoSec team identified a significant
number of security vulnerabilities in the current base image. These
vulnerabilities originate from the OS packages used in Ubuntu Jammy (v22) and
pose a security risk to our deployments.
For example, we've noted the following CVEs:
CVE-2022-41409
CVE-2022-4899
CVE-2023-4039
CVE-2023-52452
CVE-2024-26699
CVE-2023-6610
The recommended fix for these issues is to update to the versions available in
Ubuntu Noble (v24). Consequently, to continue using the official Docker image
securely, we need its base OS to be updated to Ubuntu Noble (v24).
We noticed an open pull request,
https://github.com/apache/flink-docker/pull/229, from a community member that
addresses this OS update. We would greatly appreciate it if the community could
provide guidance on the next steps for this PR or consider prioritizing a
direct update of the official image. We are happy to assist where possible.