New docker image for Java 17 security issues

[tom-bailey-om]

Hi, apologies if I am raising this on the wrong repository or I misunderstand Docker images.

We are currently undergoing a security audit and the latest fnproject Docker images have been flagged as having several high severity issues due to jdk17.0.11.

We are using this build image currently:
fnproject/fn-java-fdk-build:jdk17-1.0.190

Could you advise if/when a new image will be made available? If this is the wrong repository to raise this ticket, please could you advise where to raise a ticket?

For completeness we are seeing these CVEs:
High Severity Problems:
[CVE-2024-21147, CVE-2020-2026, CVE-2020-2025]

Medium Severity Problems:
[CVE-2020-2023, CVE-2020-2024, CVE-2023-35116, CVE-2024-21140]

Thanks,
Tom

[gianlucabonetti]

Hello Tom
There is a new version jdk17-1.0.195 available as of today, released early October 2024.
Please have a try with that.
Cheers
Gianluca