Docker base image change?

7 views
Skip to first unread message

psiinon

unread,
Sep 20, 2022, 10:39:15 AMSep 20
to zaprox...@googlegroups.com, OWASP ZAP Developer Group
The ZAP docker images currently use ubuntu:20.04 as the base image.
This is old and has a growing number of CVEs associated with it.

However the newer ubuntu:22.10 base image installs Firefox as a snap.
ZAP cannot currently launch Firefox when installed in this way, which breaks the Ajax Spider and the DOM XSS scan rule.

My proposal is that we change to use debian:unstable-slim as the base image instead.
The migration was pretty easy and initial testing has shown no problems.
For info "unstable" was used as the "stable" version does not support the latest version of Firefox.

More testing will be performed, but in the meantime - does anyone have any objections?

Many thanks,

Simon

--
OWASP ZAP Project leader
Reply all
Reply to author
Forward
0 new messages