Add Debian 11 base image #356
Comments
It's not quite released yet, but it is in a transition freeze (not quite even soft freeze yet until probably sometime next month), so it would be reasonable IMO to add as an additional variant on the 1.16 pre-release version (which is due to be released next month around the same time the freeze for Debian 11 starts to ramp up).
Although to be clear, the vulnerabilities you've listed are not compelling reasons to upgrade:
https://github.com/docker-library/repo-info/blob/46e3f35aa34cc7964e554e7433e9a52a7e4e8771/repos/golang/local/1.15-buster.md#dpkg-source-package-openldap2447dfsg-3deb10u4
Bumping this, as bullseye is now out: https://www.debian.org/News/2021/20210814
I've included this in #381.
Thanks @tianon!
The latest version of Debian, version 11 (bullseye), is released. So can we have a golang Docker image with Debian 11 as base?
https://release.debian.org/bullseye/freeze_policy.html
The current images of golang have openldap and bash vulnerabilities due to the underlying Debian:
Debian Security Update for openldap (DSA 4792-1) | CVE-2020-25709, CVE-2020-25710
GNU Bash Privilege Escalation Vulnerability for Debian (Zero Day) | CVE-2019-18276
The current golang images have version 4.1 of bash, which has this vulnerability; upgrading to Debian 11 will provide bash 5.1, which will have the issue fixed.