[FLINK-23221] Migrate Docker images to Debian Bullseye - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.13.1
Fix Version/s: 1.11.4, 1.14.0, 1.12.5, 1.13.2
Component/s: flink-docker
Labels:
- docker
- flink
- glibc
Environment:

Issue was discovered by AWS ECR image scanning on apache/flink:1.13.1-scala_2.12

Description

The AWS ECR image scanning reports some HIGH vulnerabilities on apache/flink:1.13.1-scala_2.12 docker image. In addition, all versions prior to this one have these issues.

The vulnerabilities are the following:

Our security policy do not allow us to deploy images having security vulnerabilities. Searching through the Internet I found that for the first problem, a patch containing the solution will be release this year.

Do you plan to release a new image containing the newer glibc version in order to solve those issues?

Also, I checked and the alpine based flink images do not have these vulnerabilities. Do you plan to release newer versions of flink based on alpine (latest one is flink:1.8.x)?

Attachments

Activity

People

Assignee:: Chesnay Schepler

Reporter:: Razvan AGAPE

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 02/Jul/21 11:11

Updated:: 26/Aug/21 07:55

Resolved:: 26/Aug/21 07:55