Is your feature request related to a problem?
Dockerhub (and our private ECR repo) reports vulnerabilities for all docker images:
https://hub.docker.com/_/amazoncorretto/tags
Describe a solution you would like
Fixing those vulnerabilities; as they are triggering alerts and blocking pipelines.
Describe alternatives you have considered
I tried to update corretto versions in those images, but there does not seem to be any yum patched version.
Additions:
I followed the first steps from: https://aws.amazon.com/corretto/faqs/#topic-1
"Why does security scanner show that a docker image has a CVE?"
ie: tried "yum update -y --security", but that did only solved the libxml2
but I did not raise this a security issue, just creating this ticket for now
Is your feature request related to a problem?
Dockerhub (and our private ECR repo) reports vulnerabilities for all docker images:
https://hub.docker.com/_/amazoncorretto/tags
Describe a solution you would like
Fixing those vulnerabilities; as they are triggering alerts and blocking pipelines.
Describe alternatives you have considered
I tried to update corretto versions in those images, but there does not seem to be any yum patched version.
Additions:
I followed the first steps from: https://aws.amazon.com/corretto/faqs/#topic-1
"Why does security scanner show that a docker image has a CVE?"
ie: tried "yum update -y --security", but that did only solved the libxml2
but I did not raise this a security issue, just creating this ticket for now