Docker base image change?

[psiinon]

The ZAP docker images currently use ubuntu:20.04 as the base image.

This is old and has a growing number of CVEs associated with it.

However the newer ubuntu:22.10 base image installs Firefox as a snap.

ZAP cannot currently launch Firefox when installed in this way, which breaks the Ajax Spider and the DOM XSS scan rule.

My proposal is that we change to use debian:unstable-slim as the base image instead.

The migration was pretty easy and initial testing has shown no problems.

For info "unstable" was used as the "stable" version does not support the latest version of Firefox.

More testing will be performed, but in the meantime - does anyone have any objections?

Many thanks,

Simon

--

OWASP ZAP Project leader