Details
-
Bug
-
Resolution: Done
-
Critical
-
None
-
None
-
None
-
Build Team 2022 Sprint 17
-
1
Description
At least couchbase-operator/docker/couchbase-operator/Dockerfile.rhel is locked to UBI8 version 8.4-200, which is from June 2021. Also the Dockerfile skips the necessary step to install security updates with a comment that this is OK because the base image is frequently updated. This resulted in at least couchbase-operator:2.3.2 shipping with four known CVEs.
We should only reference UBI8 version "8" so we always pull and build with the latest, most up-to-date version.
Attachments
Issue Links
- mentioned in
-
Page Loading...