Tigase Forge
Dashboards
Projects
Pull Requests
Issues
Builds
Packages
Code Search
tigase-xmpp-server-docker
Code
Pull Requests
Issues
List
Boards
Iterations
Builds
Statistics
Child Projects
OneDev 11.5.2
Documentation Support & Bug Report RESTful API Incompatibilities License Agreement Check Update
Projects tigase _server tigase-xmpp-server-docker Issues #20
Regenerate Docker images after CVE-2022-21449 (#20)
wojciech.kapcia@tigase.net opened 3 years ago

https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/ https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19

In general it's up to system administrator to keep JVM version up to date but we should regenerate docker images with updated JVM version as we provide them.
wojciech.kapcia@tigase.net commented 3 years ago

After investigation it turns out that there are no updated docker images that fixes the issue. There is for example jdk-11.0.15+10 from 22 April 2022 (https://adoptium.net/temurin/releases/) but no relevant docker image: https://hub.docker.com/_/eclipse-temurin?tab=tags&page=1&name=11.0.15

Putting this on hold for a couple of days.
wojciech.kapcia@tigase.net commented 3 years ago

Images regenerated.
wojciech.kapcia@tigase.net moved 1 year ago
Previous Value Current Value 
tigase-private/Docker support
 
tigase/_server/tigase-xmpp-server-docker
issue 1 of 1
Type
Task
Priority
Normal
Assignee
wojciech.kapcia@tigase.net
Version
tigase-server-8.3.0
Issue Votes (0)
Login to vote
Watchers (0)
Reference
tigase/_server/tigase-xmpp-server-docker#20
Please wait...
Page is in error, reload to recover