'Resolving Azure Container registry images vulnerabilities
I use the following image openjdk:11-jdk as a base image to create an image that just executes a .jar file, but I get the following security warning from Azure Container Registry:
- 376157 - Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell)
- 376194 - Apache Log4j Denial of Service (DOS) Vulnerability (Log4Shell)
- 376178 - Apache Log4j Remote Code Execution (RCE) Vulnerability (CVE-2021-45046) (Log4Shell)
- 179244 - Debian Security Update for xz-utils (DSA 5123-1)
- 179243 - Debian Security Update for gzip (DSA 5122-1)
- 376209 - Apache Log4j Remote Code Execution (RCE) Vulnerability (CVE-2021-44832)
I tried using different image like openjdk:11.0.15-jre-slim, but I get the same warnings and I also tried searching in internet for an image that doesn't cause the warnings, but I couldn't find any. Are you aware of any image that doesn't have the issues? I just need to execute a .jar file.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|