Hello All,
We have been implementing a solution using the Flink image from
https://github.com/apache/flink-docker/blob/master/1.13/scala_2.12-java11-debian/Dockerfile and it got flagged by our image repository for 3 major security vulnerabilities:
CVE-2017-8804
CVE-2019-25013
CVE-2021-33574
All of these stem from the `glibc` packages in the `openjdk:11-jre` image.
We have a working image based on building Flink using the Amazon Corretto image -
https://github.com/corretto/corretto-docker/blob/88df29474df6fc3f3f19daa8c5515d934f706cd0/11/jdk/al2/Dockerfile. This works, although there are some issues related to linking `libjemalloc`. Before we fully test this new image we wanted to reach out to the community for insight on the following questions:
1. Are these vulnerabilities captured in an issue yet?
2. If so, when could we expect a new official image that contains the Debian fixes for these issues?
3. If not, how can we help contribute to a solution?
4. Are there officially supported non-Debian-based Flink images?
We appreciate the insights and look forward to working with the community on a solution.