Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL vulnerability #384

Open
TigerAVAF6R opened this issue Feb 1, 2021 · 2 comments
Open

OpenSSL vulnerability #384

TigerAVAF6R opened this issue Feb 1, 2021 · 2 comments

Comments

@TigerAVAF6R
Copy link

TigerAVAF6R commented Feb 1, 2021
edited

Hi Team, I am working for IBM, and we are using the liberty image for our app, our app is running on an openshift based platform inside IBM called Cirrus, our images are scanned by the platform and we received some high vulnerability issues related to openssl. Can anyone help to check and fix this ? Or do you have any suggestion what we can do to fix the issue ?

I am using the latest tag to pull the image: docker pull websphere-liberty
image
@arthurdm
Copy link
Contributor

arthurdm commented Feb 2, 2021

hi @TigerAVAF6R - we are waiting for IBM Java layer to upgrade to Ubuntu 20.04, which should help solve a lot of security vulnerabilities. Another option is to use the UBI-based images for WebSphere Liberty, found here.

@TigerAVAF6R
Copy link
Author

TigerAVAF6R commented Feb 2, 2021
edited

@arthurdm Thanks for the info, do you know when the fix will be released ? By the way, what's the difference between this liberty image and UBI-based image ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@arthurdm @TigerAVAF6R