update glibc package in distroless

710 views Asked by At

i am using use multi stage docker build for distroless and using "gcr.io/distroless/java:8" for my container but the packages version installed by gcr.io/distroless/java:8 have several security issues such as glibc 2.31 https://nvd.nist.gov/vuln/detail/CVE-2020-1752 how can i update the versions of packages inside the distroless image `

FROM openjdk:8 AS build

WORKDIR /app

RUN apt-get update

RUN apt-get upgrade libexpat1-dev libexpat1 openssl unzip -y

FROM gcr.io/distroless/java:8-debug

COPY --from=build /app /app

WORKDIR /app

CMD ["java commands"]`

1

There are 1 answers

0
aironman On

Distroless means that you don't have bash or apt to update the container, so you should use another distroless version that has these security flaws fixed. Create new images, test them, upload them to the registry, update the deployment yaml files, and start over.