CVE-2015-7547: rebuild images? #106
Comments
@flecno Very nice that you pay so close attention 👍
@flecno Thanks for keeping an eye on it. It's probably worth releasing v2.0.0 based on the alpine builds for people to pin their deployments to.
Yes... there has to be an automated rebuild process for this case. There are new images available on docker hub. Thank you for the fast reaction!!
@flecno I agree, there should be some policy which dictates a maintenance period for old tagged releases.
@kylemanna Do you consider implementing automatic rebuilds?
Depends on the release policy. I don't want to rebuild images just to rebuild images.
Makes sense. I might look into how to check if the base image has actually changed.
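One way to check whether the base image has actually changed, as an added example that is not part of this thread or of the project's code: compare the ordered layer list of the built image with that of the freshly pulled base image. It assumes both inputs are the JSON printed by `docker image inspect`; the function names and all digests below are constructed for illustration.

```python
import json

def layer_ids(inspect_json):
    """Ordered layer diff IDs (RootFS.Layers) from `docker image inspect` JSON."""
    doc = json.loads(inspect_json)
    if isinstance(doc, list):  # inspect prints an array, one object per image
        if len(doc) != 1:
            raise ValueError("expected exactly one image in inspect output")
        doc = doc[0]
    rootfs = doc.get("RootFS") or {}
    layers = rootfs.get("Layers")
    if rootfs.get("Type") != "layers" or not layers:
        raise ValueError("inspect output has no RootFS.Layers")
    return list(layers)

def built_on_current_base(image_json, base_json):
    """True if the image's leading layers are exactly the current base's layers."""
    image, base = layer_ids(image_json), layer_ids(base_json)
    # An image built FROM a base starts with the base's layers, in order.
    # If the base tag has been updated since the build, the prefix differs.
    return image[:len(base)] == base

def make_inspect(*layers):
    # Constructed sample input: only the field this check reads.
    return json.dumps([{"RootFS": {"Type": "layers", "Layers": list(layers)}}])

# Constructed digests, not taken from any real image.
OLD_BASE = "sha256:" + "a" * 64   # base layer before the fix
NEW_BASE = "sha256:" + "b" * 64   # base layer after the fix
APP = "sha256:" + "c" * 64        # layer added by the application Dockerfile

BASE_NOW = make_inspect(NEW_BASE)             # freshly pulled base image
STALE_IMAGE = make_inspect(OLD_BASE, APP)     # built before the base was updated
REBUILT_IMAGE = make_inspect(NEW_BASE, APP)   # built after the base was updated

if __name__ == "__main__":
    for name, img in (("stale", STALE_IMAGE), ("rebuilt", REBUILT_IMAGE)):
        ok = built_on_current_base(img, BASE_NOW)
        print(name, "is up to date" if ok else "needs a rebuild")
```

A mismatch only says the base tag has moved since the build; whether the new base contains a particular fix still has to be checked against the package versions inside it.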
I think this is a more general problem which has to be solved in another place. I hope this security issue wakes up some people. I think there are many people who run dozens of docker images which have to be rebuilt manually? This cannot be the right process. If you know of some useful discussion around this topic, I will be happy to follow it.
@flecno I think this is your best option in terms of security to build all images locally (including the base image(s) of course). See https://github.com/ypid/docker-makefile 😉 You have to automate container redeployments anyway, so it is no big deal to build them also in the process.
@kylemanna Seems like your image is still vulnerable. Can you fix that please and maybe automate it so that this does not happen in the future? |
Can you rebuild and force push your `1.1.0` and `1.0` image tags to docker hub to make sure the latest `debian:jessie` base image is used? Or is there any automatic rebuild process on docker hub?

Currently the `kylemanna/openvpn:1.1.0` image is vulnerable

`debian:jessie` is fixed:

The new alpine based images are not affected.

More Information: