Use Wolfi OS as the Base Docker Image of Seata Server to reduce CVE #6964

linghengqian · 2024-10-31T09:07:19Z

Why you need it?

Is your feature request related to a problem? Please describe in details

This is actually an extension of Provide built-in GraalVM Reachability Metadata on Seata Client 2.1.0+ #6686 and Add support for org.apache.seata:seata-all:2.1.0 oracle/graalvm-reachability-metadata#542. Since I am not personally familiar with Seata Client's handling of Spring, I plan to temporarily submit Seata Client's GraalVM Reachability Metadata to https://github.com/oracle/graalvm-reachability-metadata .
In order to write nativeTest for Seata Client, I need to use testcontainers-java to start the Docker Image of Seata Server. However, https://github.com/oracle/graalvm-reachability-metadata requires that the Docker Image used in the unit test has not been scanned for CVE by https://github.com/anchore/grype .
There are too many CVEs for the Docker Image of apache/seata-server:2.2.0, and most of them are not related to Seata.

$  docker run --rm --volume /var/run/docker.sock:/var/run/docker.sock --name Grype anchore/grype:latest apache/seata-server:2.2.0

Maybe it's possible to use https://github.com/wolfi-dev as the Docker Image of Seata Server like ElasticSearch does to reduce the number of CVEs? I don't think Seata Server really requires something like Python to run.

How it could be?

A clear and concise description of what you want to happen. You can explain more about input of the feature, and output of it.

I saw https://github.com/apache/incubator-seata/blob/v2.2.0/distribution/docker/server/Dockerfile is still using openjdk:8u342, which brings too many CVEs. I'm personally not sure if Seata Server uses anything JDK8 specific.

Other related information

Add any other context or screenshots about the feature request here.

Null.

The text was updated successfully, but these errors were encountered:

linghengqian · 2024-10-31T09:08:27Z

For the result of docker run --rm --volume /var/run/docker.sock:/var/run/docker.sock --name Grype anchore/grype:latest apache/seata-server:2.2.0, I show it in a separate comment because it exceeds the maximum word limit of the issue.

Click to expand to view the results🐲🐲🐲🐲🐲🐲🐲🐲🐲

$  docker run --rm --volume /var/run/docker.sock:/var/run/docker.sock --name Grype anchore/grype:latest apache/seata-server:2.2.0
NAME                  INSTALLED                FIXED-IN                                                       TYPE          VULNERABILITY        SEVERITY
apt                   2.2.4                                                                                   deb           CVE-2011-3374        Negligible
bash                  5.1-2+deb11u1            (won't fix)                                                    deb           CVE-2022-3715        High
bsdutils              1:2.36.1-8+deb11u1       2.36.1-8+deb11u2                                               deb           CVE-2024-28085       Low
bsdutils              1:2.36.1-8+deb11u1                                                                      deb           CVE-2022-0563        Negligible
commons-io            2.8.0                    2.14.0                                                         java-archive  GHSA-78wr-2p64-hpwj  High
coreutils             8.32-4+b1                (won't fix)                                                    deb           CVE-2016-2781        Low
coreutils             8.32-4+b1                                                                               deb           CVE-2017-18018       Negligible
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u10                                            deb           CVE-2023-38545       Critical
curl                  7.74.0-1.3+deb11u1       (won't fix)                                                    deb           CVE-2023-23914       Critical
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u5                                             deb           CVE-2022-32221       Critical
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-32207       Critical
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2021-22945       Critical
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u12                                            deb           CVE-2024-2398        High
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27534       High
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27533       High
curl                  7.74.0-1.3+deb11u1       (won't fix)                                                    deb           CVE-2022-43551       High
curl                  7.74.0-1.3+deb11u1       (won't fix)                                                    deb           CVE-2022-42916       High
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-27782       High
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-27781       High
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-27775       High
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-22576       High
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2021-22946       High
curl                  7.74.0-1.3+deb11u1       (won't fix)                                                    deb           CVE-2024-8096        Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u13                                            deb           CVE-2024-7264        Medium
curl                  7.74.0-1.3+deb11u1       (won't fix)                                                    deb           CVE-2023-46219       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u11                                            deb           CVE-2023-46218       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u9                                             deb           CVE-2023-28321       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27538       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27536       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27535       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u7                                             deb           CVE-2023-23916       Medium
curl                  7.74.0-1.3+deb11u1       (won't fix)                                                    deb           CVE-2023-23915       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u5                                             deb           CVE-2022-43552       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-32208       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-32206       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-32205       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-27776       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-27774       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2021-22947       Medium
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u10                                            deb           CVE-2023-38546       Low
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u9                                             deb           CVE-2023-28322       Low
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u3                                             deb           CVE-2022-35252       Low
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2021-22924       Low
curl                  7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2021-22898       Low
curl                  7.74.0-1.3+deb11u1                                                                      deb           CVE-2024-2379        Negligible
curl                  7.74.0-1.3+deb11u1                                                                      deb           CVE-2023-28320       Negligible
curl                  7.74.0-1.3+deb11u1                                                                      deb           CVE-2021-22923       Negligible
curl                  7.74.0-1.3+deb11u1                                                                      deb           CVE-2021-22922       Negligible
dirmngr               2.2.27-2+deb11u2                                                                        deb           CVE-2022-3219        Negligible
e2fsprogs             1.46.2-2                 1.46.2-2+deb11u1                                               deb           CVE-2022-1304        High
gcc-10-base           10.2.1-6                                                                                deb           CVE-2023-4039        Negligible
gcc-9-base            9.3.0-22                                                                                deb           CVE-2023-4039        Negligible
git                   1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2024-32002       Critical
git                   1:2.30.2-1               1:2.30.2-1+deb11u1                                             deb           CVE-2022-41903       Critical
git                   1:2.30.2-1               1:2.30.2-1+deb11u1                                             deb           CVE-2022-23521       Critical
git                   1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2024-32465       High
git                   1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2024-32004       High
git                   1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2023-29007       High
git                   1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2023-25652       High
git                   1:2.30.2-1               1:2.30.2-1+deb11u2                                             deb           CVE-2023-23946       High
git                   1:2.30.2-1               1:2.30.2-1+deb11u1                                             deb           CVE-2022-39260       High
git                   1:2.30.2-1               1:2.30.2-1+deb11u1                                             deb           CVE-2022-29187       High
git                   1:2.30.2-1               1:2.30.2-1+deb11u1                                             deb           CVE-2022-24765       High
git                   1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2019-1387        High
git                   1:2.30.2-1               1:2.30.2-1+deb11u2                                             deb           CVE-2023-22490       Medium
git                   1:2.30.2-1               1:2.30.2-1+deb11u1                                             deb           CVE-2022-39253       Medium
git                   1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2024-32021       Low
git                   1:2.30.2-1               (won't fix)                                                    deb           CVE-2024-32020       Low
git                   1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2023-25815       Low
git                   1:2.30.2-1                                                                              deb           CVE-2022-24975       Negligible
git                   1:2.30.2-1                                                                              deb           CVE-2018-1000021     Negligible
git-man               1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2024-32002       Critical
git-man               1:2.30.2-1               1:2.30.2-1+deb11u1                                             deb           CVE-2022-41903       Critical
git-man               1:2.30.2-1               1:2.30.2-1+deb11u1                                             deb           CVE-2022-23521       Critical
git-man               1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2024-32465       High
git-man               1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2024-32004       High
git-man               1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2023-29007       High
git-man               1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2023-25652       High
git-man               1:2.30.2-1               1:2.30.2-1+deb11u2                                             deb           CVE-2023-23946       High
git-man               1:2.30.2-1               1:2.30.2-1+deb11u1                                             deb           CVE-2022-39260       High
git-man               1:2.30.2-1               1:2.30.2-1+deb11u1                                             deb           CVE-2022-29187       High
git-man               1:2.30.2-1               1:2.30.2-1+deb11u1                                             deb           CVE-2022-24765       High
git-man               1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2019-1387        High
git-man               1:2.30.2-1               1:2.30.2-1+deb11u2                                             deb           CVE-2023-22490       Medium
git-man               1:2.30.2-1               1:2.30.2-1+deb11u1                                             deb           CVE-2022-39253       Medium
git-man               1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2024-32021       Low
git-man               1:2.30.2-1               (won't fix)                                                    deb           CVE-2024-32020       Low
git-man               1:2.30.2-1               1:2.30.2-1+deb11u3                                             deb           CVE-2023-25815       Low
git-man               1:2.30.2-1                                                                              deb           CVE-2022-24975       Negligible
git-man               1:2.30.2-1                                                                              deb           CVE-2018-1000021     Negligible
gnupg                 2.2.27-2+deb11u2                                                                        deb           CVE-2022-3219        Negligible
gnupg-l10n            2.2.27-2+deb11u2                                                                        deb           CVE-2022-3219        Negligible
gnupg-utils           2.2.27-2+deb11u2                                                                        deb           CVE-2022-3219        Negligible
gpg                   2.2.27-2+deb11u2                                                                        deb           CVE-2022-3219        Negligible
gpg-agent             2.2.27-2+deb11u2                                                                        deb           CVE-2022-3219        Negligible
gpg-wks-client        2.2.27-2+deb11u2                                                                        deb           CVE-2022-3219        Negligible
gpg-wks-server        2.2.27-2+deb11u2                                                                        deb           CVE-2022-3219        Negligible
gpgconf               2.2.27-2+deb11u2                                                                        deb           CVE-2022-3219        Negligible
gpgsm                 2.2.27-2+deb11u2                                                                        deb           CVE-2022-3219        Negligible
gpgv                  2.2.27-2+deb11u2                                                                        deb           CVE-2022-3219        Negligible
h2                    2.1.214                  2.2.220                                                        java-archive  GHSA-22wj-vf5f-wrvj  High
libapr1               1.7.0-6+deb11u1          1.7.0-6+deb11u2                                                deb           CVE-2022-24963       Critical
libapr1               1.7.0-6+deb11u1          (won't fix)                                                    deb           CVE-2023-49582       Medium
libaprutil1           1.6.1-5                  1.6.1-5+deb11u1                                                deb           CVE-2022-25147       Medium
libapt-pkg6.0         2.2.4                                                                                   deb           CVE-2011-3374        Negligible
libblkid1             2.36.1-8+deb11u1         2.36.1-8+deb11u2                                               deb           CVE-2024-28085       Low
libblkid1             2.36.1-8+deb11u1                                                                        deb           CVE-2022-0563        Negligible
libc-bin              2.31-13+deb11u3          2.31-13+deb11u10                                               deb           CVE-2024-33602       High
libc-bin              2.31-13+deb11u3          2.31-13+deb11u10                                               deb           CVE-2024-33601       High
libc-bin              2.31-13+deb11u3          2.31-13+deb11u9                                                deb           CVE-2024-2961        High
libc-bin              2.31-13+deb11u3          2.31-13+deb11u7                                                deb           CVE-2023-4911        High
libc-bin              2.31-13+deb11u3          2.31-13+deb11u4                                                deb           CVE-2021-3999        High
libc-bin              2.31-13+deb11u3          (won't fix)                                                    deb           CVE-2023-4813        Medium
libc-bin              2.31-13+deb11u3          (won't fix)                                                    deb           CVE-2023-4806        Medium
libc-bin              2.31-13+deb11u3                                                                         deb           CVE-2019-9192        Negligible
libc-bin              2.31-13+deb11u3                                                                         deb           CVE-2019-1010025     Negligible
libc-bin              2.31-13+deb11u3                                                                         deb           CVE-2019-1010024     Negligible
libc-bin              2.31-13+deb11u3                                                                         deb           CVE-2019-1010023     Negligible
libc-bin              2.31-13+deb11u3                                                                         deb           CVE-2019-1010022     Negligible
libc-bin              2.31-13+deb11u3                                                                         deb           CVE-2018-20796       Negligible
libc-bin              2.31-13+deb11u3                                                                         deb           CVE-2010-4756        Negligible
libc-bin              2.31-13+deb11u3          2.31-13+deb11u10                                               deb           CVE-2024-33600       Unknown
libc-bin              2.31-13+deb11u3          2.31-13+deb11u10                                               deb           CVE-2024-33599       Unknown
libc6                 2.31-13+deb11u3          2.31-13+deb11u10                                               deb           CVE-2024-33602       High
libc6                 2.31-13+deb11u3          2.31-13+deb11u10                                               deb           CVE-2024-33601       High
libc6                 2.31-13+deb11u3          2.31-13+deb11u9                                                deb           CVE-2024-2961        High
libc6                 2.31-13+deb11u3          2.31-13+deb11u7                                                deb           CVE-2023-4911        High
libc6                 2.31-13+deb11u3          2.31-13+deb11u4                                                deb           CVE-2021-3999        High
libc6                 2.31-13+deb11u3          (won't fix)                                                    deb           CVE-2023-4813        Medium
libc6                 2.31-13+deb11u3          (won't fix)                                                    deb           CVE-2023-4806        Medium
libc6                 2.31-13+deb11u3                                                                         deb           CVE-2019-9192        Negligible
libc6                 2.31-13+deb11u3                                                                         deb           CVE-2019-1010025     Negligible
libc6                 2.31-13+deb11u3                                                                         deb           CVE-2019-1010024     Negligible
libc6                 2.31-13+deb11u3                                                                         deb           CVE-2019-1010023     Negligible
libc6                 2.31-13+deb11u3                                                                         deb           CVE-2019-1010022     Negligible
libc6                 2.31-13+deb11u3                                                                         deb           CVE-2018-20796       Negligible
libc6                 2.31-13+deb11u3                                                                         deb           CVE-2010-4756        Negligible
libc6                 2.31-13+deb11u3          2.31-13+deb11u10                                               deb           CVE-2024-33600       Unknown
libc6                 2.31-13+deb11u3          2.31-13+deb11u10                                               deb           CVE-2024-33599       Unknown
libcom-err2           1.46.2-2                 1.46.2-2+deb11u1                                               deb           CVE-2022-1304        High
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u10                                            deb           CVE-2023-38545       Critical
libcurl3-gnutls       7.74.0-1.3+deb11u2       (won't fix)                                                    deb           CVE-2023-23914       Critical
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u5                                             deb           CVE-2022-32221       Critical
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u12                                            deb           CVE-2024-2398        High
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27534       High
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27533       High
libcurl3-gnutls       7.74.0-1.3+deb11u2       (won't fix)                                                    deb           CVE-2022-43551       High
libcurl3-gnutls       7.74.0-1.3+deb11u2       (won't fix)                                                    deb           CVE-2022-42916       High
libcurl3-gnutls       7.74.0-1.3+deb11u2       (won't fix)                                                    deb           CVE-2024-8096        Medium
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u13                                            deb           CVE-2024-7264        Medium
libcurl3-gnutls       7.74.0-1.3+deb11u2       (won't fix)                                                    deb           CVE-2023-46219       Medium
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u11                                            deb           CVE-2023-46218       Medium
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u9                                             deb           CVE-2023-28321       Medium
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27538       Medium
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27536       Medium
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27535       Medium
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u7                                             deb           CVE-2023-23916       Medium
libcurl3-gnutls       7.74.0-1.3+deb11u2       (won't fix)                                                    deb           CVE-2023-23915       Medium
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u5                                             deb           CVE-2022-43552       Medium
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u10                                            deb           CVE-2023-38546       Low
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u9                                             deb           CVE-2023-28322       Low
libcurl3-gnutls       7.74.0-1.3+deb11u2       7.74.0-1.3+deb11u3                                             deb           CVE-2022-35252       Low
libcurl3-gnutls       7.74.0-1.3+deb11u2                                                                      deb           CVE-2024-2379        Negligible
libcurl3-gnutls       7.74.0-1.3+deb11u2                                                                      deb           CVE-2023-28320       Negligible
libcurl3-gnutls       7.74.0-1.3+deb11u2                                                                      deb           CVE-2021-22923       Negligible
libcurl3-gnutls       7.74.0-1.3+deb11u2                                                                      deb           CVE-2021-22922       Negligible
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u10                                            deb           CVE-2023-38545       Critical
libcurl4              7.74.0-1.3+deb11u1       (won't fix)                                                    deb           CVE-2023-23914       Critical
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u5                                             deb           CVE-2022-32221       Critical
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-32207       Critical
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2021-22945       Critical
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u12                                            deb           CVE-2024-2398        High
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27534       High
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27533       High
libcurl4              7.74.0-1.3+deb11u1       (won't fix)                                                    deb           CVE-2022-43551       High
libcurl4              7.74.0-1.3+deb11u1       (won't fix)                                                    deb           CVE-2022-42916       High
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-27782       High
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-27781       High
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-27775       High
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-22576       High
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2021-22946       High
libcurl4              7.74.0-1.3+deb11u1       (won't fix)                                                    deb           CVE-2024-8096        Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u13                                            deb           CVE-2024-7264        Medium
libcurl4              7.74.0-1.3+deb11u1       (won't fix)                                                    deb           CVE-2023-46219       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u11                                            deb           CVE-2023-46218       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u9                                             deb           CVE-2023-28321       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27538       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27536       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u8                                             deb           CVE-2023-27535       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u7                                             deb           CVE-2023-23916       Medium
libcurl4              7.74.0-1.3+deb11u1       (won't fix)                                                    deb           CVE-2023-23915       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u5                                             deb           CVE-2022-43552       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-32208       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-32206       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-32205       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-27776       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2022-27774       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2021-22947       Medium
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u10                                            deb           CVE-2023-38546       Low
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u9                                             deb           CVE-2023-28322       Low
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u3                                             deb           CVE-2022-35252       Low
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2021-22924       Low
libcurl4              7.74.0-1.3+deb11u1       7.74.0-1.3+deb11u2                                             deb           CVE-2021-22898       Low
libcurl4              7.74.0-1.3+deb11u1                                                                      deb           CVE-2024-2379        Negligible
libcurl4              7.74.0-1.3+deb11u1                                                                      deb           CVE-2023-28320       Negligible
libcurl4              7.74.0-1.3+deb11u1                                                                      deb           CVE-2021-22923       Negligible
libcurl4              7.74.0-1.3+deb11u1                                                                      deb           CVE-2021-22922       Negligible
libdb5.3              5.3.28+dfsg1-0.8         (won't fix)                                                    deb           CVE-2019-8457        Critical
libexpat1             2.2.10-2+deb11u3         2.2.10-2+deb11u6                                               deb           CVE-2024-45492       Critical
libexpat1             2.2.10-2+deb11u3         2.2.10-2+deb11u6                                               deb           CVE-2024-45491       Critical
libexpat1             2.2.10-2+deb11u3         2.2.10-2+deb11u6                                               deb           CVE-2024-45490       High
libexpat1             2.2.10-2+deb11u3         2.2.10-2+deb11u6                                               deb           CVE-2023-52425       High
libexpat1             2.2.10-2+deb11u3         2.2.10-2+deb11u5                                               deb           CVE-2022-43680       High
libexpat1             2.2.10-2+deb11u3         2.2.10-2+deb11u4                                               deb           CVE-2022-40674       High
libexpat1             2.2.10-2+deb11u3                                                                        deb           CVE-2024-28757       Negligible
libexpat1             2.2.10-2+deb11u3                                                                        deb           CVE-2023-52426       Negligible
libexpat1             2.2.10-2+deb11u3                                                                        deb           CVE-2013-0340        Negligible
libexpat1             2.2.10-2+deb11u3                                                                        deb           CVE-2024-50602       Unknown
libext2fs2            1.46.2-2                 1.46.2-2+deb11u1                                               deb           CVE-2022-1304        High
libfreetype6          2.10.4+dfsg-1+deb11u1                                                                   deb           CVE-2022-31782       Negligible
libgcc-s1             10.2.1-6                                                                                deb           CVE-2023-4039        Negligible
libgcrypt20           1.8.7-6                  (won't fix)                                                    deb           CVE-2021-33560       High
libgcrypt20           1.8.7-6                  (won't fix)                                                    deb           CVE-2024-2236        Medium
libgcrypt20           1.8.7-6                                                                                 deb           CVE-2018-6829        Negligible
libgnutls30           3.7.1-5+deb11u1          3.7.1-5+deb11u5                                                deb           CVE-2024-0567        High
libgnutls30           3.7.1-5+deb11u1          3.7.1-5+deb11u5                                                deb           CVE-2024-0553        High
libgnutls30           3.7.1-5+deb11u1          3.7.1-5+deb11u3                                                deb           CVE-2023-0361        High
libgnutls30           3.7.1-5+deb11u1          3.7.1-5+deb11u2                                                deb           CVE-2022-2509        High
libgnutls30           3.7.1-5+deb11u1          3.7.1-5+deb11u6                                                deb           CVE-2024-28835       Medium
libgnutls30           3.7.1-5+deb11u1          3.7.1-5+deb11u6                                                deb           CVE-2024-28834       Medium
libgnutls30           3.7.1-5+deb11u1          3.7.1-5+deb11u4                                                deb           CVE-2023-5981        Medium
libgnutls30           3.7.1-5+deb11u1                                                                         deb           CVE-2011-3389        Negligible
libgssapi-krb5-2      1.18.3-6+deb11u1         1.18.3-6+deb11u5                                               deb           CVE-2024-37371       Critical
libgssapi-krb5-2      1.18.3-6+deb11u1         1.18.3-6+deb11u5                                               deb           CVE-2024-37370       High
libgssapi-krb5-2      1.18.3-6+deb11u1         1.18.3-6+deb11u3                                               deb           CVE-2022-42898       High
libgssapi-krb5-2      1.18.3-6+deb11u1         1.18.3-6+deb11u4                                               deb           CVE-2023-36054       Medium
libgssapi-krb5-2      1.18.3-6+deb11u1                                                                        deb           CVE-2024-26461       Negligible
libgssapi-krb5-2      1.18.3-6+deb11u1                                                                        deb           CVE-2024-26458       Negligible
libgssapi-krb5-2      1.18.3-6+deb11u1                                                                        deb           CVE-2018-5709        Negligible
libk5crypto3          1.18.3-6+deb11u1         1.18.3-6+deb11u5                                               deb           CVE-2024-37371       Critical
libk5crypto3          1.18.3-6+deb11u1         1.18.3-6+deb11u5                                               deb           CVE-2024-37370       High
libk5crypto3          1.18.3-6+deb11u1         1.18.3-6+deb11u3                                               deb           CVE-2022-42898       High
libk5crypto3          1.18.3-6+deb11u1         1.18.3-6+deb11u4                                               deb           CVE-2023-36054       Medium
libk5crypto3          1.18.3-6+deb11u1                                                                        deb           CVE-2024-26461       Negligible
libk5crypto3          1.18.3-6+deb11u1                                                                        deb           CVE-2024-26458       Negligible
libk5crypto3          1.18.3-6+deb11u1                                                                        deb           CVE-2018-5709        Negligible
libkrb5-3             1.18.3-6+deb11u1         1.18.3-6+deb11u5                                               deb           CVE-2024-37371       Critical
libkrb5-3             1.18.3-6+deb11u1         1.18.3-6+deb11u5                                               deb           CVE-2024-37370       High
libkrb5-3             1.18.3-6+deb11u1         1.18.3-6+deb11u3                                               deb           CVE-2022-42898       High
libkrb5-3             1.18.3-6+deb11u1         1.18.3-6+deb11u4                                               deb           CVE-2023-36054       Medium
libkrb5-3             1.18.3-6+deb11u1                                                                        deb           CVE-2024-26461       Negligible
libkrb5-3             1.18.3-6+deb11u1                                                                        deb           CVE-2024-26458       Negligible
libkrb5-3             1.18.3-6+deb11u1                                                                        deb           CVE-2018-5709        Negligible
libkrb5support0       1.18.3-6+deb11u1         1.18.3-6+deb11u5                                               deb           CVE-2024-37371       Critical
libkrb5support0       1.18.3-6+deb11u1         1.18.3-6+deb11u5                                               deb           CVE-2024-37370       High
libkrb5support0       1.18.3-6+deb11u1         1.18.3-6+deb11u3                                               deb           CVE-2022-42898       High
libkrb5support0       1.18.3-6+deb11u1         1.18.3-6+deb11u4                                               deb           CVE-2023-36054       Medium
libkrb5support0       1.18.3-6+deb11u1                                                                        deb           CVE-2024-26461       Negligible
libkrb5support0       1.18.3-6+deb11u1                                                                        deb           CVE-2024-26458       Negligible
libkrb5support0       1.18.3-6+deb11u1                                                                        deb           CVE-2018-5709        Negligible
libksba8              1.5.0-3                  1.5.0-3+deb11u2                                                deb           CVE-2022-47629       Critical
libksba8              1.5.0-3                  1.5.0-3+deb11u1                                                deb           CVE-2022-3515        Critical
libldap-2.4-2         2.4.57+dfsg-3+deb11u1    (won't fix)                                                    deb           CVE-2023-2953        High
libldap-2.4-2         2.4.57+dfsg-3+deb11u1                                                                   deb           CVE-2020-15719       Negligible
libldap-2.4-2         2.4.57+dfsg-3+deb11u1                                                                   deb           CVE-2017-17740       Negligible
libldap-2.4-2         2.4.57+dfsg-3+deb11u1                                                                   deb           CVE-2017-14159       Negligible
libldap-2.4-2         2.4.57+dfsg-3+deb11u1                                                                   deb           CVE-2015-3276        Negligible
libmount1             2.36.1-8+deb11u1         2.36.1-8+deb11u2                                               deb           CVE-2024-28085       Low
libmount1             2.36.1-8+deb11u1                                                                        deb           CVE-2022-0563        Negligible
libncurses6           6.2+20201114-2           6.2+20201114-2+deb11u2                                         deb           CVE-2023-29491       High
libncurses6           6.2+20201114-2           6.2+20201114-2+deb11u1                                         deb           CVE-2022-29458       High
libncurses6           6.2+20201114-2           (won't fix)                                                    deb           CVE-2023-50495       Medium
libncurses6           6.2+20201114-2           (won't fix)                                                    deb           CVE-2023-45918       Unknown
libncursesw6          6.2+20201114-2           6.2+20201114-2+deb11u2                                         deb           CVE-2023-29491       High
libncursesw6          6.2+20201114-2           6.2+20201114-2+deb11u1                                         deb           CVE-2022-29458       High
libncursesw6          6.2+20201114-2           (won't fix)                                                    deb           CVE-2023-50495       Medium
libncursesw6          6.2+20201114-2           (won't fix)                                                    deb           CVE-2023-45918       Unknown
libnghttp2-14         1.43.0-1                 1.43.0-1+deb11u1                                               deb           CVE-2023-44487       High
libnghttp2-14         1.43.0-1                 1.43.0-1+deb11u2                                               deb           CVE-2024-28182       Medium
libpam-modules        1.4.0-9+deb11u1          (won't fix)                                                    deb           CVE-2024-22365       Medium
libpam-modules        1.4.0-9+deb11u1                                                                         deb           CVE-2024-10041       Medium
libpam-modules-bin    1.4.0-9+deb11u1          (won't fix)                                                    deb           CVE-2024-22365       Medium
libpam-modules-bin    1.4.0-9+deb11u1                                                                         deb           CVE-2024-10041       Medium
libpam-runtime        1.4.0-9+deb11u1          (won't fix)                                                    deb           CVE-2024-22365       Medium
libpam-runtime        1.4.0-9+deb11u1                                                                         deb           CVE-2024-10041       Medium
libpam0g              1.4.0-9+deb11u1          (won't fix)                                                    deb           CVE-2024-22365       Medium
libpam0g              1.4.0-9+deb11u1                                                                         deb           CVE-2024-10041       Medium
libpcre2-8-0          10.36-2                  10.36-2+deb11u1                                                deb           CVE-2022-1587        Critical
libpcre2-8-0          10.36-2                  10.36-2+deb11u1                                                deb           CVE-2022-1586        Critical
libpcre2-8-0          10.36-2                                                                                 deb           CVE-2022-41409       Negligible
libpcre3              2:8.39-13                                                                               deb           CVE-2019-20838       Negligible
libpcre3              2:8.39-13                                                                               deb           CVE-2017-7246        Negligible
libpcre3              2:8.39-13                                                                               deb           CVE-2017-7245        Negligible
libpcre3              2:8.39-13                                                                               deb           CVE-2017-16231       Negligible
libpcre3              2:8.39-13                                                                               deb           CVE-2017-11164       Negligible
libperl5.32           5.32.1-4+deb11u2         5.32.1-4+deb11u3                                               deb           CVE-2023-47038       High
libperl5.32           5.32.1-4+deb11u2         5.32.1-4+deb11u4                                               deb           CVE-2023-31484       High
libperl5.32           5.32.1-4+deb11u2         5.32.1-4+deb11u4                                               deb           CVE-2020-16156       High
libperl5.32           5.32.1-4+deb11u2                                                                        deb           CVE-2023-31486       Negligible
libperl5.32           5.32.1-4+deb11u2                                                                        deb           CVE-2011-4116        Negligible
libpng16-16           1.6.37-3                                                                                deb           CVE-2021-4214        Negligible
libpng16-16           1.6.37-3                                                                                deb           CVE-2019-6129        Negligible
libprocps8            2:3.3.17-5               (won't fix)                                                    deb           CVE-2023-4016        Low
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2024-7592        High
libpython3.9-minimal  3.9.2-1                                                                                 deb           CVE-2024-6232        High
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2024-0397        High
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2023-24329       High
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2022-45061       High
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2022-0391        High
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2021-3737        High
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2020-10735       High
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2015-20107       High
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2024-6923        Medium
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2024-0450        Medium
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2023-40217       Medium
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2023-27043       Medium
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2021-4189        Medium
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2021-3733        Medium
libpython3.9-minimal  3.9.2-1                                                                                 deb           CVE-2024-9287        Negligible
libpython3.9-minimal  3.9.2-1                                                                                 deb           CVE-2024-8088        Negligible
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2024-4032        Negligible
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2023-6597        Negligible
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2022-42919       Negligible
libpython3.9-minimal  3.9.2-1                                                                                 deb           CVE-2022-37454       Negligible
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2021-3426        Negligible
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2021-29921       Negligible
libpython3.9-minimal  3.9.2-1                                                                                 deb           CVE-2021-28861       Negligible
libpython3.9-minimal  3.9.2-1                                                                                 deb           CVE-2020-27619       Negligible
libpython3.9-minimal  3.9.2-1                  (won't fix)                                                    deb           CVE-2024-5642        Unknown
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2024-7592        High
libpython3.9-stdlib   3.9.2-1                                                                                 deb           CVE-2024-6232        High
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2024-0397        High
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2023-24329       High
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2022-45061       High
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2022-0391        High
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2021-3737        High
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2020-10735       High
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2015-20107       High
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2024-6923        Medium
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2024-0450        Medium
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2023-40217       Medium
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2023-27043       Medium
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2021-4189        Medium
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2021-3733        Medium
libpython3.9-stdlib   3.9.2-1                                                                                 deb           CVE-2024-9287        Negligible
libpython3.9-stdlib   3.9.2-1                                                                                 deb           CVE-2024-8088        Negligible
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2024-4032        Negligible
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2023-6597        Negligible
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2022-42919       Negligible
libpython3.9-stdlib   3.9.2-1                                                                                 deb           CVE-2022-37454       Negligible
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2021-3426        Negligible
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2021-29921       Negligible
libpython3.9-stdlib   3.9.2-1                                                                                 deb           CVE-2021-28861       Negligible
libpython3.9-stdlib   3.9.2-1                                                                                 deb           CVE-2020-27619       Negligible
libpython3.9-stdlib   3.9.2-1                  (won't fix)                                                    deb           CVE-2024-5642        Unknown
libsepol1             3.1-1                    3.1-1+deb11u1                                                  deb           CVE-2021-36087       Low
libsepol1             3.1-1                    3.1-1+deb11u1                                                  deb           CVE-2021-36086       Low
libsepol1             3.1-1                    3.1-1+deb11u1                                                  deb           CVE-2021-36085       Low
libsepol1             3.1-1                    3.1-1+deb11u1                                                  deb           CVE-2021-36084       Low
libsmartcols1         2.36.1-8+deb11u1         2.36.1-8+deb11u2                                               deb           CVE-2024-28085       Low
libsmartcols1         2.36.1-8+deb11u1                                                                        deb           CVE-2022-0563        Negligible
libsqlite3-0          3.34.1-3                 3.34.1-3+deb11u1                                               deb           CVE-2023-7104        High
libsqlite3-0          3.34.1-3                 3.34.1-3+deb11u1                                               deb           CVE-2021-36690       High
libsqlite3-0          3.34.1-3                                                                                deb           CVE-2022-35737       Negligible
libsqlite3-0          3.34.1-3                                                                                deb           CVE-2021-45346       Negligible
libss2                1.46.2-2                 1.46.2-2+deb11u1                                               deb           CVE-2022-1304        High
libssh2-1             1.9.0-2                  1.9.0-2+deb11u1                                                deb           CVE-2020-22218       High
libssl1.1             1.1.1n-0+deb11u3         (won't fix)                                                    deb           CVE-2024-5535        Critical
libssl1.1             1.1.1n-0+deb11u3         1.1.1n-0+deb11u5                                               deb           CVE-2023-0464        High
libssl1.1             1.1.1n-0+deb11u3         1.1.1n-0+deb11u4                                               deb           CVE-2023-0286        High
libssl1.1             1.1.1n-0+deb11u3         1.1.1n-0+deb11u4                                               deb           CVE-2023-0215        High
libssl1.1             1.1.1n-0+deb11u3         1.1.1n-0+deb11u4                                               deb           CVE-2022-4450        High
libssl1.1             1.1.1n-0+deb11u3         (won't fix)                                                    deb           CVE-2024-0727        Medium
libssl1.1             1.1.1n-0+deb11u3         (won't fix)                                                    deb           CVE-2023-5678        Medium
libssl1.1             1.1.1n-0+deb11u3         1.1.1v-0~deb11u1                                               deb           CVE-2023-3817        Medium
libssl1.1             1.1.1n-0+deb11u3         1.1.1v-0~deb11u1                                               deb           CVE-2023-3446        Medium
libssl1.1             1.1.1n-0+deb11u3         1.1.1n-0+deb11u5                                               deb           CVE-2023-2650        Medium
libssl1.1             1.1.1n-0+deb11u3         1.1.1n-0+deb11u5                                               deb           CVE-2023-0466        Medium
libssl1.1             1.1.1n-0+deb11u3         1.1.1n-0+deb11u5                                               deb           CVE-2023-0465        Medium
libssl1.1             1.1.1n-0+deb11u3         1.1.1n-0+deb11u4                                               deb           CVE-2022-4304        Medium
libssl1.1             1.1.1n-0+deb11u3         1.1.1n-0+deb11u4                                               deb           CVE-2022-2097        Medium
libssl1.1             1.1.1n-0+deb11u3                                                                        deb           CVE-2024-9143        Unknown
libssl1.1             1.1.1n-0+deb11u3         (won't fix)                                                    deb           CVE-2024-4741        Unknown
libssl1.1             1.1.1n-0+deb11u3         (won't fix)                                                    deb           CVE-2024-2511        Unknown
libstdc++6            10.2.1-6                                                                                deb           CVE-2023-4039        Negligible
libsystemd0           247.3-7                  247.3-7+deb11u6                                                deb           CVE-2023-7008        Medium
libsystemd0           247.3-7                  247.3-7+deb11u2                                                deb           CVE-2022-4415        Medium
libsystemd0           247.3-7                  247.3-7+deb11u2                                                deb           CVE-2022-3821        Medium
libsystemd0           247.3-7                  247.3-7+deb11u6                                                deb           CVE-2023-50868       Negligible
libsystemd0           247.3-7                  247.3-7+deb11u6                                                deb           CVE-2023-50387       Negligible
libsystemd0           247.3-7                                                                                 deb           CVE-2023-31439       Negligible
libsystemd0           247.3-7                                                                                 deb           CVE-2023-31438       Negligible
libsystemd0           247.3-7                                                                                 deb           CVE-2023-31437       Negligible
libsystemd0           247.3-7                                                                                 deb           CVE-2020-13529       Negligible
libsystemd0           247.3-7                                                                                 deb           CVE-2013-4392        Negligible
libtasn1-6            4.16.0-2                 4.16.0-2+deb11u1                                               deb           CVE-2021-46848       Critical
libtinfo6             6.2+20201114-2           6.2+20201114-2+deb11u2                                         deb           CVE-2023-29491       High
libtinfo6             6.2+20201114-2           6.2+20201114-2+deb11u1                                         deb           CVE-2022-29458       High
libtinfo6             6.2+20201114-2           (won't fix)                                                    deb           CVE-2023-50495       Medium
libtinfo6             6.2+20201114-2           (won't fix)                                                    deb           CVE-2023-45918       Unknown
libtirpc-common       1.3.1-1                  1.3.1-1+deb11u1                                                deb           CVE-2021-46828       High
libtirpc3             1.3.1-1                  1.3.1-1+deb11u1                                                deb           CVE-2021-46828       High
libudev1              247.3-7                  247.3-7+deb11u6                                                deb           CVE-2023-7008        Medium
libudev1              247.3-7                  247.3-7+deb11u2                                                deb           CVE-2022-4415        Medium
libudev1              247.3-7                  247.3-7+deb11u2                                                deb           CVE-2022-3821        Medium
libudev1              247.3-7                  247.3-7+deb11u6                                                deb           CVE-2023-50868       Negligible
libudev1              247.3-7                  247.3-7+deb11u6                                                deb           CVE-2023-50387       Negligible
libudev1              247.3-7                                                                                 deb           CVE-2023-31439       Negligible
libudev1              247.3-7                                                                                 deb           CVE-2023-31438       Negligible
libudev1              247.3-7                                                                                 deb           CVE-2023-31437       Negligible
libudev1              247.3-7                                                                                 deb           CVE-2020-13529       Negligible
libudev1              247.3-7                                                                                 deb           CVE-2013-4392        Negligible
libuuid1              2.36.1-8+deb11u1         2.36.1-8+deb11u2                                               deb           CVE-2024-28085       Low
libuuid1              2.36.1-8+deb11u1                                                                        deb           CVE-2022-0563        Negligible
libzstd1              1.4.8+dfsg-2.1           (won't fix)                                                    deb           CVE-2022-4899        High
logback-classic       1.2.12                   1.2.13                                                         java-archive  GHSA-vmq6-5m68-f53m  High
logback-core          1.2.12                   1.2.13                                                         java-archive  GHSA-vmq6-5m68-f53m  High
logback-core          1.2.12                   1.2.13                                                         java-archive  GHSA-gm62-rw4g-vrc4  High
login                 1:4.8.1-1                (won't fix)                                                    deb           CVE-2023-4641        Medium
login                 1:4.8.1-1                (won't fix)                                                    deb           CVE-2023-29383       Low
login                 1:4.8.1-1                                                                               deb           CVE-2013-4235        Negligible
login                 1:4.8.1-1                                                                               deb           CVE-2007-5686        Negligible
logsave               1.46.2-2                 1.46.2-2+deb11u1                                               deb           CVE-2022-1304        High
mount                 2.36.1-8+deb11u1         2.36.1-8+deb11u2                                               deb           CVE-2024-28085       Low
mount                 2.36.1-8+deb11u1                                                                        deb           CVE-2022-0563        Negligible
nacos-client          1.4.6                                                                                   java-archive  GHSA-2g86-r6w2-wqqr  High
nacos-common          1.4.6                    2.0.4                                                          java-archive  GHSA-4gr7-qw2q-jxh6  Medium
ncurses-base          6.2+20201114-2           6.2+20201114-2+deb11u2                                         deb           CVE-2023-29491       High
ncurses-base          6.2+20201114-2           6.2+20201114-2+deb11u1                                         deb           CVE-2022-29458       High
ncurses-base          6.2+20201114-2           (won't fix)                                                    deb           CVE-2023-50495       Medium
ncurses-base          6.2+20201114-2           (won't fix)                                                    deb           CVE-2023-45918       Unknown
ncurses-bin           6.2+20201114-2           6.2+20201114-2+deb11u2                                         deb           CVE-2023-29491       High
ncurses-bin           6.2+20201114-2           6.2+20201114-2+deb11u1                                         deb           CVE-2022-29458       High
ncurses-bin           6.2+20201114-2           (won't fix)                                                    deb           CVE-2023-50495       Medium
ncurses-bin           6.2+20201114-2           (won't fix)                                                    deb           CVE-2023-45918       Unknown
netty-codec-http      4.1.101.Final            4.1.108.Final                                                  java-archive  GHSA-5jpm-x58v-624v  Medium
openjdk               1.8.0_342                1.8.0_422, 11.0.24, 17.0.12, 21.0.4, 22.0.2, 8.0.422           binary        CVE-2024-21147       High
openjdk               1.8.0_342                1.8.0_402, 11.0.22, 17.0.10, 21.0.2, 8.0.402                   binary        CVE-2024-20952       High
openjdk               1.8.0_342                1.8.0_402, 11.0.22, 17.0.10, 21.0.2, 8.0.402                   binary        CVE-2024-20918       High
openjdk               1.8.0_342                1.8.0_372, 11.0.19, 17.0.7, 20.0.1, 8.0.372                    binary        CVE-2023-21930       High
openjdk               1.8.0_342                1.8.0_432, 11.0.25, 17.0.13, 21.0.5, 23.0.1, 8.0.432           binary        CVE-2024-21235       Medium
openjdk               1.8.0_342                1.8.0_422, 11.0.24, 17.0.12, 21.0.4, 22.0.2, 8.0.422           binary        CVE-2024-21145       Medium
openjdk               1.8.0_342                1.8.0_422, 11.0.24, 17.0.12, 21.0.4, 22.0.2, 8.0.422           binary        CVE-2024-21140       Medium
openjdk               1.8.0_342                1.8.0_402, 11.0.22, 17.0.10, 21.0.2, 8.0.402                   binary        CVE-2024-20945       Medium
openjdk               1.8.0_342                1.8.0_402, 11.0.22, 8.0.402                                    binary        CVE-2024-20926       Medium
openjdk               1.8.0_342                1.8.0_402, 11.0.22, 17.0.10, 21.0.2, 8.0.402                   binary        CVE-2024-20921       Medium
openjdk               1.8.0_342                1.8.0_402, 11.0.22, 17.0.10, 21.0.2, 8.0.402                   binary        CVE-2024-20919       Medium
openjdk               1.8.0_342                1.8.0_392, 11.0.22, 17.0.9, 21.0.1, 8.0.392                    binary        CVE-2023-22081       Medium
openjdk               1.8.0_342                1.8.0_392, 8.0.392                                             binary        CVE-2023-22067       Medium
openjdk               1.8.0_342                1.8.0_372, 11.0.19, 17.0.7, 20.0.1, 8.0.372                    binary        CVE-2023-21967       Medium
openjdk               1.8.0_342                1.8.0_372, 11.0.19, 17.0.7, 8.0.372                            binary        CVE-2023-21954       Medium
openjdk               1.8.0_342                1.8.0_372, 11.0.19, 17.0.7, 20.0.1, 8.0.372                    binary        CVE-2023-21939       Medium
openjdk               1.8.0_342                1.8.0_362, 11-ea, 8.0.362                                      binary        CVE-2023-21830       Medium
openjdk               1.8.0_342                1.8.0_432, 11.0.25, 17.0.13, 21.0.5, 23.0.1, 8.0.432           binary        CVE-2024-21217       Low
openjdk               1.8.0_342                1.8.0_432, 11.0.25, 17.0.13, 21.0.5, 23.0.1, 8.0.432           binary        CVE-2024-21210       Low
openjdk               1.8.0_342                1.8.0_432, 11.0.25, 17.0.13, 21.0.5, 23.0.1, 8.0.432           binary        CVE-2024-21208       Low
openjdk               1.8.0_342                1.8.0_422, 11.0.24, 8.0.422                                    binary        CVE-2024-21144       Low
openjdk               1.8.0_342                1.8.0_422, 11.0.24, 17.0.12, 21.0.4, 22.0.2, 8.0.422           binary        CVE-2024-21138       Low
openjdk               1.8.0_342                1.8.0_422, 11.0.24, 17.0.12, 21.0.4, 22.0.2, 8.0.422           binary        CVE-2024-21131       Low
openjdk               1.8.0_342                1.8.0_412, 11.0.23, 17.0.11, 21.0.3, 22.0.1, 8.0.412           binary        CVE-2024-21094       Low
openjdk               1.8.0_342                1.8.0_412, 11.0.23, 8.0.412                                    binary        CVE-2024-21085       Low
openjdk               1.8.0_342                1.8.0_412, 11.0.23, 17.0.11, 21.0.3, 22.0.1, 8.0.412           binary        CVE-2024-21068       Low
openjdk               1.8.0_342                1.8.0_412, 11.0.23, 17.0.11, 21.0.3, 22.0.1, 8.0.412           binary        CVE-2024-21011       Low
openjdk               1.8.0_342                1.8.0_382, 11.0.20, 17.0.8, 20.0.2, 8.0.382                    binary        CVE-2023-22049       Low
openjdk               1.8.0_342                1.8.0_382, 11.0.20, 17.0.8, 20.0.2, 8.0.382                    binary        CVE-2023-22045       Low
openjdk               1.8.0_342                1.8.0_372, 11.0.19, 17.0.7, 20.0.1, 8.0.372                    binary        CVE-2023-21968       Low
openjdk               1.8.0_342                1.8.0_372, 11.0.19, 17.0.7, 20.0.1, 8.0.372                    binary        CVE-2023-21938       Low
openjdk               1.8.0_342                1.8.0_372, 11.0.19, 17.0.7, 20.0.1, 8.0.372                    binary        CVE-2023-21937       Low
openjdk               1.8.0_342                1.8.0_362, 11.0.18, 13.0.14, 15.0.10, 17.0.5, 19.0.2, 8.0.362  binary        CVE-2023-21843       Low
openssh-client        1:8.4p1-5+deb11u1        1:8.4p1-5+deb11u2                                              deb           CVE-2023-38408       Critical
openssh-client        1:8.4p1-5+deb11u1        1:8.4p1-5+deb11u3                                              deb           CVE-2021-41617       High
openssh-client        1:8.4p1-5+deb11u1        1:8.4p1-5+deb11u3                                              deb           CVE-2023-51385       Medium
openssh-client        1:8.4p1-5+deb11u1                                                                       deb           CVE-2023-51767       Negligible
openssh-client        1:8.4p1-5+deb11u1        1:8.4p1-5+deb11u3                                              deb           CVE-2023-48795       Negligible
openssh-client        1:8.4p1-5+deb11u1                                                                       deb           CVE-2021-36368       Negligible
openssh-client        1:8.4p1-5+deb11u1                                                                       deb           CVE-2020-15778       Negligible
openssh-client        1:8.4p1-5+deb11u1                                                                       deb           CVE-2020-14145       Negligible
openssh-client        1:8.4p1-5+deb11u1                                                                       deb           CVE-2019-6110        Negligible
openssh-client        1:8.4p1-5+deb11u1                                                                       deb           CVE-2018-15919       Negligible
openssh-client        1:8.4p1-5+deb11u1                                                                       deb           CVE-2016-20012       Negligible
openssh-client        1:8.4p1-5+deb11u1                                                                       deb           CVE-2008-3234        Negligible
openssh-client        1:8.4p1-5+deb11u1                                                                       deb           CVE-2007-2768        Negligible
openssh-client        1:8.4p1-5+deb11u1                                                                       deb           CVE-2007-2243        Negligible
openssl               1.1.1n-0+deb11u3         (won't fix)                                                    deb           CVE-2024-5535        Critical
openssl               1.1.1n-0+deb11u3         1.1.1n-0+deb11u5                                               deb           CVE-2023-0464        High
openssl               1.1.1n-0+deb11u3         1.1.1n-0+deb11u4                                               deb           CVE-2023-0286        High
openssl               1.1.1n-0+deb11u3         1.1.1n-0+deb11u4                                               deb           CVE-2023-0215        High
openssl               1.1.1n-0+deb11u3         1.1.1n-0+deb11u4                                               deb           CVE-2022-4450        High
openssl               1.1.1n-0+deb11u3         (won't fix)                                                    deb           CVE-2024-0727        Medium
openssl               1.1.1n-0+deb11u3         (won't fix)                                                    deb           CVE-2023-5678        Medium
openssl               1.1.1n-0+deb11u3         1.1.1v-0~deb11u1                                               deb           CVE-2023-3817        Medium
openssl               1.1.1n-0+deb11u3         1.1.1v-0~deb11u1                                               deb           CVE-2023-3446        Medium
openssl               1.1.1n-0+deb11u3         1.1.1n-0+deb11u5                                               deb           CVE-2023-2650        Medium
openssl               1.1.1n-0+deb11u3         1.1.1n-0+deb11u5                                               deb           CVE-2023-0466        Medium
openssl               1.1.1n-0+deb11u3         1.1.1n-0+deb11u5                                               deb           CVE-2023-0465        Medium
openssl               1.1.1n-0+deb11u3         1.1.1n-0+deb11u4                                               deb           CVE-2022-4304        Medium
openssl               1.1.1n-0+deb11u3         1.1.1n-0+deb11u4                                               deb           CVE-2022-2097        Medium
openssl               1.1.1n-0+deb11u3                                                                        deb           CVE-2024-9143        Unknown
openssl               1.1.1n-0+deb11u3         (won't fix)                                                    deb           CVE-2024-4741        Unknown
openssl               1.1.1n-0+deb11u3         (won't fix)                                                    deb           CVE-2024-2511        Unknown
passwd                1:4.8.1-1                (won't fix)                                                    deb           CVE-2023-4641        Medium
passwd                1:4.8.1-1                (won't fix)                                                    deb           CVE-2023-29383       Low
passwd                1:4.8.1-1                                                                               deb           CVE-2013-4235        Negligible
passwd                1:4.8.1-1                                                                               deb           CVE-2007-5686        Negligible
perl                  5.32.1-4+deb11u2         5.32.1-4+deb11u3                                               deb           CVE-2023-47038       High
perl                  5.32.1-4+deb11u2         5.32.1-4+deb11u4                                               deb           CVE-2023-31484       High
perl                  5.32.1-4+deb11u2         5.32.1-4+deb11u4                                               deb           CVE-2020-16156       High
perl                  5.32.1-4+deb11u2                                                                        deb           CVE-2023-31486       Negligible
perl                  5.32.1-4+deb11u2                                                                        deb           CVE-2011-4116        Negligible
perl-base             5.32.1-4+deb11u2         5.32.1-4+deb11u3                                               deb           CVE-2023-47038       High
perl-base             5.32.1-4+deb11u2         5.32.1-4+deb11u4                                               deb           CVE-2023-31484       High
perl-base             5.32.1-4+deb11u2         5.32.1-4+deb11u4                                               deb           CVE-2020-16156       High
perl-base             5.32.1-4+deb11u2                                                                        deb           CVE-2023-31486       Negligible
perl-base             5.32.1-4+deb11u2                                                                        deb           CVE-2011-4116        Negligible
perl-modules-5.32     5.32.1-4+deb11u2         5.32.1-4+deb11u3                                               deb           CVE-2023-47038       High
perl-modules-5.32     5.32.1-4+deb11u2         5.32.1-4+deb11u4                                               deb           CVE-2023-31484       High
perl-modules-5.32     5.32.1-4+deb11u2         5.32.1-4+deb11u4                                               deb           CVE-2020-16156       High
perl-modules-5.32     5.32.1-4+deb11u2                                                                        deb           CVE-2023-31486       Negligible
perl-modules-5.32     5.32.1-4+deb11u2                                                                        deb           CVE-2011-4116        Negligible
postgresql            42.3.8                   42.3.9                                                         java-archive  GHSA-24rp-q3w6-vc56  Critical
procps                2:3.3.17-5               (won't fix)                                                    deb           CVE-2023-4016        Low
protobuf-java         3.25.4                   3.25.5                                                         java-archive  GHSA-735f-pc8j-v9w8  High
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2024-7592        High
python3.9             3.9.2-1                                                                                 deb           CVE-2024-6232        High
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2024-0397        High
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2023-24329       High
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2022-45061       High
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2022-0391        High
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2021-3737        High
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2020-10735       High
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2015-20107       High
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2024-6923        Medium
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2024-0450        Medium
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2023-40217       Medium
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2023-27043       Medium
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2021-4189        Medium
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2021-3733        Medium
python3.9             3.9.2-1                                                                                 deb           CVE-2024-9287        Negligible
python3.9             3.9.2-1                                                                                 deb           CVE-2024-8088        Negligible
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2024-4032        Negligible
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2023-6597        Negligible
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2022-42919       Negligible
python3.9             3.9.2-1                                                                                 deb           CVE-2022-37454       Negligible
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2021-3426        Negligible
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2021-29921       Negligible
python3.9             3.9.2-1                                                                                 deb           CVE-2021-28861       Negligible
python3.9             3.9.2-1                                                                                 deb           CVE-2020-27619       Negligible
python3.9             3.9.2-1                  (won't fix)                                                    deb           CVE-2024-5642        Unknown
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2024-7592        High
python3.9-minimal     3.9.2-1                                                                                 deb           CVE-2024-6232        High
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2024-0397        High
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2023-24329       High
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2022-45061       High
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2022-0391        High
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2021-3737        High
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2020-10735       High
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2015-20107       High
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2024-6923        Medium
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2024-0450        Medium
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2023-40217       Medium
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2023-27043       Medium
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2021-4189        Medium
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2021-3733        Medium
python3.9-minimal     3.9.2-1                                                                                 deb           CVE-2024-9287        Negligible
python3.9-minimal     3.9.2-1                                                                                 deb           CVE-2024-8088        Negligible
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2024-4032        Negligible
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2023-6597        Negligible
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2022-42919       Negligible
python3.9-minimal     3.9.2-1                                                                                 deb           CVE-2022-37454       Negligible
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2021-3426        Negligible
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2021-29921       Negligible
python3.9-minimal     3.9.2-1                                                                                 deb           CVE-2021-28861       Negligible
python3.9-minimal     3.9.2-1                                                                                 deb           CVE-2020-27619       Negligible
python3.9-minimal     3.9.2-1                  (won't fix)                                                    deb           CVE-2024-5642        Unknown
spring-context        5.3.39                   5.3.41                                                         java-archive  GHSA-4gc7-5j7h-4qph  Medium
spring-security-core  5.7.11                   5.7.12                                                         java-archive  GHSA-f3jh-qvm4-mg39  High
spring-security-web   5.7.11                   5.7.13                                                         java-archive  GHSA-c4q5-6c82-3qpw  Critical
spring-web            5.3.39                   6.0.0                                                          java-archive  GHSA-4wrc-f8pq-fpqp  Critical
spring-webmvc         5.3.39                   5.3.40                                                         java-archive  GHSA-cx7f-g6mp-7hqm  High
tar                   1.34+dfsg-1              1.34+dfsg-1+deb11u1                                            deb           CVE-2022-48303       Medium
tar                   1.34+dfsg-1                                                                             deb           CVE-2005-2541        Negligible
tar                   1.34+dfsg-1              1.34+dfsg-1+deb11u1                                            deb           CVE-2023-39804       Unknown
unzip                 6.0-26                   6.0-26+deb11u1                                                 deb           CVE-2022-0530        Medium
unzip                 6.0-26                   6.0-26+deb11u1                                                 deb           CVE-2022-0529        Medium
unzip                 6.0-26                                                                                  deb           CVE-2021-4217        Negligible
util-linux            2.36.1-8+deb11u1         2.36.1-8+deb11u2                                               deb           CVE-2024-28085       Low
util-linux            2.36.1-8+deb11u1                                                                        deb           CVE-2022-0563        Negligible
wget                  1.21-1+deb11u1           (won't fix)                                                    deb           CVE-2024-38428       Critical
wget                  1.21-1+deb11u1           (won't fix)                                                    deb           CVE-2021-31879       Medium
zlib1g                1:1.2.11.dfsg-2+deb11u1  (won't fix)                                                    deb           CVE-2023-45853       Critical
zlib1g                1:1.2.11.dfsg-2+deb11u1  1:1.2.11.dfsg-2+deb11u2                                        deb           CVE-2022-37434       Critical
zookeeper             3.7.2                                                                                   java-archive  GHSA-r978-9m6m-6gm6  Medium

xingfudeshi · 2024-10-31T09:11:17Z

In the next version, we will use eclipse-temurin jdk. Please see here.980ba23#diff-9136d7ee194d90376becf626f92179e6d99617d858ce125f6f73ca09fa410840R53

funky-eyes · 2024-10-31T09:20:23Z

Starting from version 2.3, the base image will be fully transitioned to the Eclipse Temurin JDK image
#6918

linghengqian · 2024-10-31T09:26:50Z

@xingfudeshi @funky-eyes I verified Snapshot Docker Image locally by comparing it to 980ba23#diff-9136d7ee194d90376becf626f92179e6d99617d858ce125f6f73ca09fa410840R61 . But it looks like Seata doesn't support building with OpenJDK23 yet? Do I need to open a new issue?

sdk install java 23-open
sdk use java 23-open
git clone [email protected]:apache/incubator-seata.git
cd ./incubator-seata/
./mvnw -T 4C clean package -Dimage.name=eclipse-temurin:21.0.4_7-jdk       -Pimage,release-image-based-on-java21      -DskipTests -e -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn;

Click me to view Error Log🐲🐲🐲🐲🐲🐲🐲🐲🐲

[INFO] --- jib-maven-plugin:3.2.0:build (default) @ seata-server ---
[INFO]
[INFO] Containerizing application to apache/seata-server, apache/seata-server:2.3.0-SNAPSHOT.jdk21...
[WARNING] Base image 'eclipse-temurin:21.0.4_7-jdk' does not use a specific image digest - build may not be reproducible
[INFO] The base image requires auth. Trying again for eclipse-temurin:21.0.4_7-jdk...
[INFO] Executing tasks:
[INFO] [========                      ] 27.1% complete
[INFO] > building dependencies layer
[INFO] > pushing blob sha256:3be4e7bd7375b6968ea66b3a6...
[INFO] > pushing blob sha256:e3f298bb901f843e3175dafd9...
[INFO] > pushing blob sha256:1844467c33888736966ff5d1f...
[INFO] > pushing blob sha256:c3614710620337fd3125c0d7d...
[INFO]
[INFO] ------------------------------------------------------------------------
[INFO] Reactor Summary for Seata Parent POM 2.3.0-SNAPSHOT 2.3.0-SNAPSHOT:
[INFO]
[INFO] Seata Build 2.3.0-SNAPSHOT ......................... SUCCESS [  0.974 s]
[INFO] Seata Parent POM 2.3.0-SNAPSHOT .................... SUCCESS [  1.608 s]
[INFO] seata-common 2.3.0-SNAPSHOT ........................ SUCCESS [  4.187 s]
[INFO] seata-config 2.3.0-SNAPSHOT ........................ SUCCESS [  0.243 s]
[INFO] seata-config-core 2.3.0-SNAPSHOT ................... SUCCESS [  2.161 s]
[INFO] seata-config-custom 2.3.0-SNAPSHOT ................. SUCCESS [  3.387 s]
[INFO] seata-config-apollo 2.3.0-SNAPSHOT ................. SUCCESS [  4.038 s]
[INFO] seata-config-nacos 2.3.0-SNAPSHOT .................. SUCCESS [  4.635 s]
[INFO] seata-config-zk 2.3.0-SNAPSHOT ..................... SUCCESS [  4.335 s]
[INFO] seata-config-consul 2.3.0-SNAPSHOT ................. SUCCESS [  3.376 s]
[INFO] seata-config-etcd3 2.3.0-SNAPSHOT .................. SUCCESS [  3.984 s]
[INFO] seata-config-spring-cloud 2.3.0-SNAPSHOT ........... SUCCESS [  3.092 s]
[INFO] seata-discovery 2.3.0-SNAPSHOT ..................... SUCCESS [  0.241 s]
[INFO] seata-discovery-core 2.3.0-SNAPSHOT ................ SUCCESS [  3.459 s]
[INFO] seata-core 2.3.0-SNAPSHOT .......................... SUCCESS [  5.769 s]
[INFO] seata-discovery-custom 2.3.0-SNAPSHOT .............. SUCCESS [  4.001 s]
[INFO] seata-discovery-consul 2.3.0-SNAPSHOT .............. SUCCESS [  3.795 s]
[INFO] seata-discovery-eureka 2.3.0-SNAPSHOT .............. SUCCESS [  4.723 s]
[INFO] seata-discovery-nacos 2.3.0-SNAPSHOT ............... SUCCESS [  4.009 s]
[INFO] seata-discovery-redis 2.3.0-SNAPSHOT ............... SUCCESS [  3.188 s]
[INFO] seata-discovery-sofa 2.3.0-SNAPSHOT ................ SUCCESS [  4.806 s]
[INFO] seata-discovery-raft 2.3.0-SNAPSHOT ................ SUCCESS [  2.956 s]
[INFO] seata-discovery-zk 2.3.0-SNAPSHOT .................. SUCCESS [  4.608 s]
[INFO] seata-discovery-etcd3 2.3.0-SNAPSHOT ............... SUCCESS [  4.653 s]
[INFO] seata-discovery-namingserver 2.3.0-SNAPSHOT ........ SUCCESS [  3.735 s]
[INFO] seata-tm 2.3.0-SNAPSHOT ............................ SUCCESS [  3.700 s]
[INFO] seata-rpc-core 2.3.0-SNAPSHOT ...................... SUCCESS [  2.274 s]
[INFO] seata-brpc 2.3.0-SNAPSHOT .......................... SUCCESS [  1.276 s]
[INFO] seata-http 2.3.0-SNAPSHOT .......................... SUCCESS [  4.391 s]
[INFO] seata-http-jakarta 2.3.0-SNAPSHOT .................. SUCCESS [  2.259 s]
[INFO] seata-dubbo-alibaba 2.3.0-SNAPSHOT ................. SUCCESS [  2.768 s]
[INFO] seata-sofa-rpc 2.3.0-SNAPSHOT ...................... SUCCESS [  3.246 s]
[INFO] seata-motan 2.3.0-SNAPSHOT ......................... SUCCESS [  2.845 s]
[INFO] seata-rm 2.3.0-SNAPSHOT ............................ SUCCESS [  3.849 s]
[INFO] seata-sqlparser 2.3.0-SNAPSHOT ..................... SUCCESS [  0.231 s]
[INFO] seata-sqlparser-core 2.3.0-SNAPSHOT ................ SUCCESS [  2.059 s]
[INFO] seata-compressor 2.3.0-SNAPSHOT .................... SUCCESS [  0.239 s]
[INFO] seata-compressor-gzip 2.3.0-SNAPSHOT ............... SUCCESS [  4.182 s]
[INFO] seata-compressor-bzip2 2.3.0-SNAPSHOT .............. SUCCESS [  4.133 s]
[INFO] seata-compressor-zip 2.3.0-SNAPSHOT ................ SUCCESS [  3.308 s]
[INFO] seata-compressor-lz4 2.3.0-SNAPSHOT ................ SUCCESS [  4.000 s]
[INFO] seata-compressor-deflater 2.3.0-SNAPSHOT ........... SUCCESS [  3.382 s]
[INFO] seata-compressor-zstd 2.3.0-SNAPSHOT ............... SUCCESS [  3.399 s]
[INFO] seata-compressor-all 2.3.0-SNAPSHOT ................ SUCCESS [  2.432 s]
[INFO] seata-sqlparser-druid 2.3.0-SNAPSHOT ............... SUCCESS [ 43.424 s]
[INFO] seata-rm-datasource 2.3.0-SNAPSHOT ................. SUCCESS [  1.616 s]
[INFO] seata-serializer 2.3.0-SNAPSHOT .................... SUCCESS [  0.208 s]
[INFO] seata-serializer-seata 2.3.0-SNAPSHOT .............. SUCCESS [  4.411 s]
[INFO] seata-serializer-protobuf 2.3.0-SNAPSHOT ........... SUCCESS [  6.163 s]
[INFO] seata-serializer-kryo 2.3.0-SNAPSHOT ............... SUCCESS [  4.180 s]
[INFO] seata-serializer-hessian 2.3.0-SNAPSHOT ............ SUCCESS [  4.383 s]
[INFO] seata-serializer-fastjson2 2.3.0-SNAPSHOT .......... SUCCESS [  4.281 s]
[INFO] seata-serializer-all 2.3.0-SNAPSHOT ................ SUCCESS [  0.949 s]
[INFO] seata-integration-tx-api 2.3.0-SNAPSHOT ............ SUCCESS [  0.591 s]
[INFO] seata-tcc 2.3.0-SNAPSHOT ........................... SUCCESS [  0.537 s]
[INFO] seata-rocketmq 2.3.0-SNAPSHOT ...................... SUCCESS [  0.639 s]
[INFO] seata-sqlparser-antlr 2.3.0-SNAPSHOT ............... SUCCESS [  8.422 s]
[INFO] seata-spring 2.3.0-SNAPSHOT ........................ SUCCESS [  4.897 s]
[INFO] seata-grpc 2.3.0-SNAPSHOT .......................... SUCCESS [  3.263 s]
[INFO] seata-hsf 2.3.0-SNAPSHOT ........................... SUCCESS [  2.273 s]
[INFO] seata-saga 2.3.0-SNAPSHOT .......................... SUCCESS [  1.343 s]
[INFO] seata-saga-processctrl 2.3.0-SNAPSHOT .............. SUCCESS [  2.487 s]
[INFO] seata-saga-statelang 2.3.0-SNAPSHOT ................ SUCCESS [  2.538 s]
[INFO] seata-saga-engine-store 2.3.0-SNAPSHOT ............. SUCCESS [  2.887 s]
[INFO] seata-saga-engine 2.3.0-SNAPSHOT ................... SUCCESS [  2.924 s]
[INFO] seata-saga-rm 2.3.0-SNAPSHOT ....................... SUCCESS [  0.738 s]
[INFO] seata-saga-spring 2.3.0-SNAPSHOT ................... SUCCESS [  0.764 s]
[INFO] seata-metrics 2.3.0-SNAPSHOT ....................... SUCCESS [  0.212 s]
[INFO] seata-metrics-api 2.3.0-SNAPSHOT ................... SUCCESS [  2.128 s]
[INFO] seata-all 2.3.0-SNAPSHOT ........................... SUCCESS [  1.000 s]
[INFO] Seata All-in-one 2.3.0-SNAPSHOT .................... SUCCESS [  1.956 s]
[INFO] Seata bom 2.3.0-SNAPSHOT ........................... SUCCESS [  0.139 s]
[INFO] seata-config-all 2.3.0-SNAPSHOT .................... SUCCESS [  3.329 s]
[INFO] seata-console 2.3.0-SNAPSHOT ....................... SUCCESS [ 35.889 s]
[INFO] Seata dependencies 2.3.0-SNAPSHOT .................. SUCCESS [  0.085 s]
[INFO] seata-discovery-all 2.3.0-SNAPSHOT ................. SUCCESS [  0.925 s]
[INFO] seata-distribution 2.3.0-SNAPSHOT .................. SUCCESS [  0.210 s]
[INFO] seata-dubbo 2.3.0-SNAPSHOT ......................... SUCCESS [  0.286 s]
[INFO] seata-spring-autoconfigure 2.3.0-SNAPSHOT .......... SUCCESS [  0.267 s]
[INFO] seata-spring-autoconfigure-core 2.3.0-SNAPSHOT ..... SUCCESS [  1.081 s]
[INFO] seata-spring-autoconfigure-server 2.3.0-SNAPSHOT ... SUCCESS [  0.587 s]
[INFO] seata-metrics-core 2.3.0-SNAPSHOT .................. SUCCESS [  4.278 s]
[INFO] seata-metrics-registry-compact 2.3.0-SNAPSHOT ...... SUCCESS [  1.988 s]
[INFO] seata-metrics-exporter-prometheus 2.3.0-SNAPSHOT ... SUCCESS [  4.291 s]
[INFO] seata-metrics-all 2.3.0-SNAPSHOT ................... SUCCESS [  2.113 s]
[INFO] seata-server 2.3.0-SNAPSHOT ........................ FAILURE [  5.936 s]
[INFO] seata-mock-server 2.3.0-SNAPSHOT ................... SKIPPED
[INFO] seata-test 2.3.0-SNAPSHOT .......................... SKIPPED
[INFO] seata-test-old-version ............................. SKIPPED
[INFO] seata-spring-autoconfigure-client 2.3.0-SNAPSHOT ... SUCCESS [  0.592 s]
[INFO] seata-spring-boot-starter 2.3.0-SNAPSHOT ........... SUCCESS [  0.957 s]
[INFO] apm-seata-skywalking-plugin 2.3.0-SNAPSHOT ......... SKIPPED
[INFO] seata-namingserver 2.3.0-SNAPSHOT .................. SUCCESS [  3.627 s]
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time:  01:12 min (Wall Clock)
[INFO] Finished at: 2024-10-31T17:25:56+08:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.google.cloud.tools:jib-maven-plugin:3.2.0:build (default) on project seata-server: Unknown mediaType: application/vnd.oci.image.index.v1+json -> [Help 1]
org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal com.google.cloud.tools:jib-maven-plugin:3.2.0:build (default) on project seata-server: Unknown mediaType: application/vnd.oci.image.index.v1+json
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.builder.multithreaded.MultiThreadedBuilder$1.call (MultiThreadedBuilder.java:200)
    at org.apache.maven.lifecycle.internal.builder.multithreaded.MultiThreadedBuilder$1.call (MultiThreadedBuilder.java:196)
    at java.util.concurrent.FutureTask.run (FutureTask.java:317)
    at java.util.concurrent.Executors$RunnableAdapter.call (Executors.java:572)
    at java.util.concurrent.FutureTask.run (FutureTask.java:317)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
    at java.lang.Thread.run (Thread.java:1575)
Caused by: org.apache.maven.plugin.MojoExecutionException: Unknown mediaType: application/vnd.oci.image.index.v1+json
    at com.google.cloud.tools.jib.maven.BuildImageMojo.execute (BuildImageMojo.java:181)
    at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:210)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:156)
    at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:148)
    at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
    at org.apache.maven.lifecycle.internal.builder.multithreaded.MultiThreadedBuilder$1.call (MultiThreadedBuilder.java:200)
    at org.apache.maven.lifecycle.internal.builder.multithreaded.MultiThreadedBuilder$1.call (MultiThreadedBuilder.java:196)
    at java.util.concurrent.FutureTask.run (FutureTask.java:317)
    at java.util.concurrent.Executors$RunnableAdapter.call (Executors.java:572)
    at java.util.concurrent.FutureTask.run (FutureTask.java:317)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
    at java.lang.Thread.run (Thread.java:1575)
Caused by: com.google.cloud.tools.jib.image.json.UnknownManifestFormatException: Unknown mediaType: application/vnd.oci.image.index.v1+json
    at com.google.cloud.tools.jib.registry.AbstractManifestPuller.getManifestTemplateFromJson (AbstractManifestPuller.java:177)
    at com.google.cloud.tools.jib.registry.AbstractManifestPuller.handleResponse (AbstractManifestPuller.java:98)
    at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call (RegistryEndpointCaller.java:140)
    at com.google.cloud.tools.jib.registry.RegistryEndpointCaller.call (RegistryEndpointCaller.java:114)
    at com.google.cloud.tools.jib.registry.RegistryClient.callRegistryEndpoint (RegistryClient.java:623)
    at com.google.cloud.tools.jib.registry.RegistryClient.pullManifest (RegistryClient.java:434)
    at com.google.cloud.tools.jib.registry.RegistryClient.pullManifest (RegistryClient.java:439)
    at com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.pullBaseImages (PullBaseImageStep.java:292)
    at com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.call (PullBaseImageStep.java:179)
    at com.google.cloud.tools.jib.builder.steps.PullBaseImageStep.call (PullBaseImageStep.java:69)
    at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly (TrustedListenableFutureTask.java:131)
    at com.google.common.util.concurrent.InterruptibleTask.run (InterruptibleTask.java:74)
    at com.google.common.util.concurrent.TrustedListenableFutureTask.run (TrustedListenableFutureTask.java:82)
    at java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1144)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:642)
    at java.lang.Thread.run (Thread.java:1575)
[ERROR]
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoExecutionException
[ERROR]
[ERROR] After correcting the problems, you can resume the build with the command
[ERROR]   mvn <goals> -rf :seata-server

funky-eyes · 2024-10-31T09:46:17Z

An additional issue can be opened regarding the inability to support JDK 23 builds.

linghengqian · 2024-10-31T09:52:05Z

An additional issue can be opened regarding the inability to support JDK 23 builds.

I have opened Support building Seata Server Docker Image on OpenJDK23 #6965. There is no need to keep the current issue open.

linghengqian mentioned this issue Oct 31, 2024

Support building Seata Server Docker Image on OpenJDK23 #6965

Closed

linghengqian closed this as completed Oct 31, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use Wolfi OS as the Base Docker Image of Seata Server to reduce CVE #6964

Use Wolfi OS as the Base Docker Image of Seata Server to reduce CVE #6964

linghengqian commented Oct 31, 2024

linghengqian commented Oct 31, 2024

xingfudeshi commented Oct 31, 2024

funky-eyes commented Oct 31, 2024

linghengqian commented Oct 31, 2024

funky-eyes commented Oct 31, 2024

linghengqian commented Oct 31, 2024

Use Wolfi OS as the Base Docker Image of Seata Server to reduce CVE #6964

Use Wolfi OS as the Base Docker Image of Seata Server to reduce CVE #6964

Comments

linghengqian commented Oct 31, 2024

Why you need it?

How it could be?

Other related information

linghengqian commented Oct 31, 2024

xingfudeshi commented Oct 31, 2024

funky-eyes commented Oct 31, 2024

linghengqian commented Oct 31, 2024

funky-eyes commented Oct 31, 2024

linghengqian commented Oct 31, 2024