[CentOS] Official Docker images and security updates

Giovanni Tirloni gpt at gtirloni.com
Wed May 11 23:25:16 UTC 2016


Hello,

 It seems the official Docker images are missing some important
security updates [1][2]. Does anyone have any insight in how these
packages get built and when?

 Their Dockerfile seems to come from here:
https://github.com/docker-library/official-images/blob/master/library/centos
(commit for "latest" says "update CentOS-7 - 20160331 - monthly
build").

 In the official Docker documentation [2] they suggest not running
`apt-get upgrade` which I understood as don't run `yum -y upgrade` for
CentOS. Any advice on whether it's best practice to always update
packages or not?

Thank you,
Giovanni

1 - http://pastie.org/pastes/10833370/text
2 - https://blog.docker.com/2016/05/docker-security-scanning/
3 - https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/



More information about the CentOS mailing list