Image vulnerabilities #67

Open
damianoneill opened this issue Jun 13, 2017 · 10 comments

@damianoneill

Are there any plans to update the images to remove the vulnerabilities identified here?

https://hub.docker.com/r/library/couchbase/tags/

@tleyden
Contributor

tleyden commented Jun 13, 2017

Cheers @damianoneill -- I'm not able to see the actual vulnerabilities. Do you happen to know how to get details on this?

@damianoneill
Author

damianoneill commented Jun 13, 2017 via email

@tleyden
Contributor

tleyden commented Jun 13, 2017

I see it now, thanks.

@tleyden
Contributor

tleyden commented Jun 13, 2017

Not sure why GitHub didn't render the images in the last comment:

couchbase-d

couchbase-v

@ceejatec
Contributor

We do have a ticket, although it hasn't yet seen much action: https://issues.couchbase.com/browse/MB-23754

@tleyden
Contributor

tleyden commented Jun 14, 2017

Cheers @ceejatec -- I'm going to close this one in favor of https://issues.couchbase.com/browse/MB-23754 so we don't have duplicate tickets floating around.

@damianoneill Thanks again for reporting -- can you subscribe to updates to https://issues.couchbase.com/browse/MB-23754?

@tleyden tleyden closed this as completed Jun 14, 2017
@damianoneill
Author

damianoneill commented Jun 14, 2017 via email

@ceejatec
Contributor

Apologies, that ticket is marked Private and I hadn't noticed. You won't be able to see it even if you do get logged in.

For what it's worth, the majority of the vulnerabilities shown are from the underlying Ubuntu 14.04 base image, so there is a limited amount we can do about them. Our next major release will be available on Ubuntu 16.04 and we will also update the Docker image to be based on that Ubuntu release, so hopefully that will at least help. Of the reported vulnerabilities in libraries Couchbase itself depends on and provides, most will not be updated in the 4.6 line since they would require significant effort to adopt that is likely unreasonable for a patch release. Several of them are updated in our upcoming major release.

@tleyden
Contributor

tleyden commented Jun 14, 2017

@damianoneill Thanks for heads up! I'll re-open this so that you and other interested parties can track the status. Hopefully it will get a huge leap in our next major release as @ceejatec mentioned.

@tleyden tleyden reopened this Jun 14, 2017
@damianoneill
Author

damianoneill commented Jun 14, 2017 via email
