[
https://issues.apache.org/jira/browse/SOLR-17755?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18019020#comment-18019020
]
Jan Høydahl commented on SOLR-17755:
------------------------------------
Scan of current main branch still has several golang issues.
!Skjermbilde 2025-09-09 kl. 10.41.39.png|width=591,height=53!
I filed a PR in SOLR-17445 to upgrade Docker base image to ubuntu noble, which
will bump golang from 1.18.1 to 1.22.2, solving many of these.
> Official Docker Images with a horrible number of security vulnerabilities
> -------------------------------------------------------------------------
>
> Key: SOLR-17755
> URL: https://issues.apache.org/jira/browse/SOLR-17755
> Project: Solr
> Issue Type: Bug
> Components: Docker
> Affects Versions: 9.8.1
> Reporter: Alexander Veit
> Priority: Major
> Fix For: main (10.0)
>
> Attachments: Skjermbilde 2025-09-09 kl. 10.41.39.png,
> image-2025-05-07-19-43-18-313.png
>
>
> The official Solr container image adds 73 security vulnerabilities, four of
> them with critical, and 37 of them with high severity, to the base image.
> These vulnerabilities show up not only on DockerHub but also in corporate
> security scans. According to Docker Scout these vulnerabilities could be
> fixed, so they probably should be fixed.
> !image-2025-05-07-19-43-18-313.png!
> https://hub.docker.com/layers/library/solr/9.8.1/images/sha256-2b79aecf860291dc257460e934e275af9bb79fda1991a2c6072535d18a63f07a
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
