Orbeon Vulnerabilities in Docker image scan


Ádám Dobó

Aug 21, 2024, 10:37:29 AM
to Orbeon Forms
Hi,

I'm running Orbeon PE 2023.1.3 version in a Docker container with Tomcat and nginx. When scanning the image for vulnerabilities, Docker Desktop detects 23 different vulnerabilities, all coming from the ehcache-2.10.9.2.jar dependency from Orbeon.
Our client would like to eliminate these vulnerabilities; however, as far as I know, this is the latest version of Ehcache 2. Is it possible to eliminate these vulnerabilities and keep Orbeon working at the same time?

Thank you for your help,
Adam

ebruchez

Aug 21, 2024, 11:10:51 AM
to Orbeon Forms
Adam,

You can completely eliminate Ehcache 2 by using, for example, Ehcache 3, by enabling the JCache provider. See:

Ádám Dobó

Aug 22, 2024, 12:33:14 PM
to Orbeon Forms
Thanks, Erik, for the fast response. Just to confirm: by switching to Ehcache 3 I can remove the Ehcache 2 jar file from Orbeon, right?

Thanks,
Adam

ebruchez

Aug 22, 2024, 12:43:30 PM
to Orbeon Forms
> Just to confirm: by switching to ehcache3 I can remove the ehcache2 jar file from Orbeon right?

Yes, that's correct.

-Erik