You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@solr.apache.org by "Jan Høydahl (Jira)" <ji...@apache.org> on 2022/12/01 13:29:00 UTC

[jira] [Resolved] (SOLR-16523) gosu binary version

     [ https://issues.apache.org/jira/browse/SOLR-16523?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jan Høydahl resolved SOLR-16523.
--------------------------------
    Resolution: Not A Problem

Closing as not a problem, as we rely on Ubuntu Focal LTS to provide both a patched golang runtime as well as a patched gosu binary.

I don't know if the security scanner reports false positives due to this (e.g. that it just sees golang 1.13 and says it's vulnerable)?

> gosu binary version
> -------------------
>
>                 Key: SOLR-16523
>                 URL: https://issues.apache.org/jira/browse/SOLR-16523
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>          Components: Docker
>    Affects Versions: 8.11.2
>            Reporter: Ritchie Gu
>            Assignee: Jan Høydahl
>            Priority: Major
>
> I noticed that as part of the process, it's installing gosu and few other packages [https://github.com/apache/solr-docker/blob/main/8.11-slim/Dockerfile#L20,]
> The version of gosu gets installed is a bit of old, and do you have any plan to install newer version gosu in?



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@solr.apache.org
For additional commands, e-mail: issues-help@solr.apache.org