How soon can we expect updated images when there’s a critical vulnerability?
Java currently has a serious vulnerability published april 19:
CVE-2022-21449
https://openjdk.java.net/groups/vulnerability/advisories/2022-04-19
I have checked updates for the openjdk official images since yesterday morning.
Images were last pushed yesterday, but doesn’t seem to include the security fix.
For instance openjdk:18-jdk-slim:
openjdk:18-jdk-slim@sha256:c75cc7e3da69f50d23086c2b78098fde5979a0c3995285b9e720deff32f45843
When i run it and check java -version
I get
“openjdk version “18” 2022-03-22”