Upgrading Tomcat in Docker image?

[Christopher Tabone]

Hi Apollo team,

Is there any chance the Docker image "latest" could be re-built on Dockerhub? 

It's using an older version of tomcat9 (9.0.16) that contains several "critical" vulnerabilities (CVE-2019-17569, CVE-2020-1935, CVE-2020-1938) that are patched in the newer version of tomcat9 now available in the Ubuntu 18.04 repository (9.0.43-3). 

Our university sysadmin group has prohibited Web Apollo from running on our server until these vulnerabilities are addressed. We can also just clone the GitHub repo and build it ourselves, but I thought it might be better for everyone if it were more officially addressed?

I'm assuming that rebuilding the image should pull down the latest (safest) version of tomcat9, at least from looking at your Dockerfile. 

Any and all help or advice is appreciated, thanks!

Best,
Chris

[Christopher Tabone]

Update -- looks like tomcat9 is actually still the older version in the 18.04 repository, so the source Ubuntu repository would need to be updated to 20.04 or a newer version of tomcat9 would need to be manually installed in order to address the vulnerabilities.

Both approaches are more complicated than just re-creating the Docker image file. I will take this offline and try to make the changes locally on our machines, starting with using 20.04 as the base image.

[Garrett Stevens]

Thanks for the update. If you're able to let us know if it works, we can try to get our docker image updated accordingly.

Best,

Garrett

--
To unsubscribe from this group and stop receiving emails from it, send an email to apollo+un...@lbl.gov.