Java Vulnerability question #193
Question: using Tenable to scan the machine, and it is popping for a Java vulnerability of an older JDK version installed under the Docker directory. I figured the latest update would remediate it, but it has not. Am I misunderstanding that the JDK version is updated with the application? /var/lib/docker/overlay2//diff/usr/local/openjdk-11/
Replies: 2 comments
We update dependencies inside the public Docker images regularly with releases, including hot fixing when we determine there is a CVE that warrants being addressed immediately. If you have a requirement for a particular SLA or response time we have a paid offering.
VECTR 8.4.3 uses openjdk 11.0.15 because it was released prior to 11.0.16
8.5.1 uses openjdk 11.0.16
Please make sure your VECTR version is the latest.
Note that the folder you're scanning appears to be the temporary overlay directory on your host which may contain older image data. That folder is not the operating directory of VECTR so you can attempt to remove / prune unused images if your scans are picking up older data.
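To check whether a scanner hit under overlay2 comes from a layer that a container still uses or from leftover image data, as the last reply suggests, the following added example (not part of the thread or of VECTR) lists each layer carrying an openjdk-11 tree with its version and marks it in-use or unused. It assumes the overlay2 storage driver and that the JDK's standard `release` file is present in the layer; the function names and `OVERLAY_ROOT` are hypothetical.

```shell
#!/bin/sh
# Added example: map JDK findings under overlay2 to in-use vs. unused layers.
# Assumption: overlay2 storage driver; OVERLAY_ROOT is a name chosen here.
OVERLAY_ROOT="${OVERLAY_ROOT:-/var/lib/docker/overlay2}"

# Print "<layer-id> <JAVA_VERSION>" for every layer that ships an openjdk-11 tree.
jdk_layers() {
  root="$1"
  for rel in "$root"/*/diff/usr/local/openjdk-11/release; do
    [ -f "$rel" ] || continue              # glob matched nothing
    layer="${rel#"$root"/}"; layer="${layer%%/*}"
    ver=$(sed -n 's/^JAVA_VERSION="\(.*\)"$/\1/p' "$rel")
    printf '%s %s\n' "$layer" "${ver:-unknown}"
  done
}

# Print the layer ids referenced by any container (running or stopped).
in_use_layers() {
  docker ps -aq | xargs -r docker inspect \
    --format '{{.GraphDriver.Data.LowerDir}}:{{.GraphDriver.Data.UpperDir}}' |
    tr ':' '\n' | sed -n 's#.*/overlay2/\([^/]*\)/diff$#\1#p' | sort -u
}

# Tag each JDK layer using a file that lists in-use layer ids, one per line.
classify_jdk_layers() {
  jdk_layers "$1" | while read -r layer ver; do
    if grep -qxF "$layer" "$2"; then
      printf '%s %s in-use\n' "$layer" "$ver"
    else
      printf '%s %s unused\n' "$layer" "$ver"
    fi
  done
}

# Typical use on the Docker host (as root):
#   in_use_layers > /tmp/inuse.txt
#   classify_jdk_layers "$OVERLAY_ROOT" /tmp/inuse.txt
```

Layers reported as unused are not referenced by any container, so they are candidates for the image pruning mentioned above (for example `docker image prune -a`), after which the scan can be repeated.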