ci.docker icon indicating copy to clipboard operation
ci.docker copied to clipboard
verified publisher icon WASdev

OpenSSL vulnerability

Open TigerAVAF6R opened this issue 4 years ago • 2 comments

Hi Team, I am working for IBM, and we are using the liberty image for our app, our app is running on an openshift based platform inside IBM called Cirrus, our images are scanned by the platform and we received some high vulnerability issues related to openssl. Can anyone help to check and fix this ? Or do you have any suggestion what we can do to fix the issue ?

I am using the latest tag to pull the image: docker pull websphere-liberty image

TigerAVAF6R avatar Feb 01 '21 06:02 TigerAVAF6R

hi @TigerAVAF6R - we are waiting for IBM Java layer to upgrade to Ubuntu 20.04, which should help solve a lot of security vulnerabilities. Another option is to use the UBI-based images for WebSphere Liberty, found here.

arthurdm avatar Feb 02 '21 01:02 arthurdm

@arthurdm Thanks for the info, do you know when the fix will be released ? By the way, what's the difference between this liberty image and UBI-based image ?

TigerAVAF6R avatar Feb 02 '21 05:02 TigerAVAF6R