You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@guacamole.apache.org by "Nick Couchman (JIRA)" <ji...@apache.org> on 2018/05/06 15:45:00 UTC
[jira] [Commented] (GUACAMOLE-563) Tomcat Version is not the same
at pushed image on the Docker Hub
[ https://issues.apache.org/jira/browse/GUACAMOLE-563?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16465198#comment-16465198 ]
Nick Couchman commented on GUACAMOLE-563:
-----------------------------------------
Yes...the master branch has been updated and will be updated in the next release, while the Docker Hub version is the latest release (0.9.14). It will be updated when 1.0.0 is released.
> Tomcat Version is not the same at pushed image on the Docker Hub
> ----------------------------------------------------------------
>
> Key: GUACAMOLE-563
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-563
> Project: Guacamole
> Issue Type: Bug
> Components: guacamole-client
> Affects Versions: 0.9.14
> Environment: Docker Container
> Reporter: Kevin Schley
> Priority: Critical
> Labels: security-issue
>
> Currently the Dockerfile is not the same at Docker Hub and the Github Repo: [https://github.com/apache/guacamole-client/blob/fed51332952a23c5e9a5ddab38ded23f092299b8/Dockerfile#L27]
> ARG TOMCAT_VERSION=8.5
> The Docker Tag "latest" and "0.9.14" use an "Apache Tomcat/8.0.20" [https://hub.docker.com/r/guacamole/guacamole/|https://hub.docker.com/r/guacamole/guacamole/this]
> this version have a Lots of Security Vulnerabilities:
> [https://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-887/version_id-190754/Apache-Tomcat-8.0.20.html]
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)