Posted to issues@guacamole.apache.org by "Mike Jumper (Jira)" <ji...@apache.org> on 2020/12/06 15:35:00 UTC

[jira] [Commented] (GUACAMOLE-1229) Fix in Dockerhub for latest CVE-2020-17527

    [ https://issues.apache.org/jira/browse/GUACAMOLE-1229?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17244756#comment-17244756 ] 

Mike Jumper commented on GUACAMOLE-1229:
----------------------------------------

{quote}
it seems like the latest image on dockerhub is 5 months old so no fix for the latest CVE-2020-17527 is included.

Is there any chance we see a fix in the near future?
{quote}

Yes. It's looking like the issues within scope of 1.3.0 are wrapping up, and a 1.3.0 release would mean new Docker images.

That said, an image rebuild would be sufficient to pick up any updates to ancestor images like the Tomcat image. If you need something sooner, I'd say just build the image yourself locally (the relevant Dockerfile is part of each git repository) or just deploy without Docker.

We build these images as part of the release process, but it's probably worth looking into automated image rebuilds. I'll keep this issue open as an anchor for that improvement to processes.

> Fix in Dockerhub for latest CVE-2020-17527
> ------------------------------------------
>
>                 Key: GUACAMOLE-1229
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1229
>             Project: Guacamole
>          Issue Type: Bug
>            Reporter: Jia Oneill
>            Priority: Major
>
> Hi,
>  
> it seems like the latest image on dockerhub is 5 months old so no fix for the latest CVE-2020-17527 is included.
>  
> Is there any chance we see a fix in the near future?
>  
> Thanks!
>  
> regards


