-
-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Understand and document docker update policy #359
Comments
See also docker-library/tomcat#290 |
Entry in the project FAQ: https://github.com/adoptium/adoptium.net/pull/1523/files |
This was referenced Sep 28, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We had an incident recently where a critical openssl update which was released by Ubuntu on the 6th February did not make it into our container images for almost a month (1st March).
This was discussed in this slack thread and while the current images are now correct with libssl3 package
3.0.2-0ubuntu1.8
we should:Notes for reference (I'm not an expert on the base image update process so I cannot comment on the implications of these but it is just from some observations:
eclipse-temurin:17-jre
was confirmed to have been rebuilt around the 16th February with a vulnerable openssl based on the comments in the thread.The text was updated successfully, but these errors were encountered: