i am using use multi stage docker build for distroless and using "gcr.io/distroless/java:8" for my container but the packages version installed by gcr.io/distroless/java:8 have several security issues such as glibc 2.31 https://nvd.nist.gov/vuln/detail/CVE-2020-1752 how can i update the versions of packages inside the distroless image `
FROM openjdk:8 AS build
WORKDIR /app
RUN apt-get update
RUN apt-get upgrade libexpat1-dev libexpat1 openssl unzip -y
FROM gcr.io/distroless/java:8-debug
COPY --from=build /app /app
WORKDIR /app
CMD ["java commands"]`
Distroless means that you don't have bash or apt to update the container, so you should use another distroless version that has these security flaws fixed. Create new images, test them, upload them to the registry, update the deployment yaml files, and start over.