CVE-2018-1000654 vulnerability with openjdk:alpine image

[balasenthil-d]

Hi

When we scan the docker images produced with openjdk8:alpine and openjdk:appine3.8 with microscanner there is one high vulnerablity CVE-2018-1000654. Apparently there is still no fix for that? Is there a way to avoid the problematic library libtasn1 while building the image ?

[dsyer]

I can see that CVE alert from openjdk:8-jdk-alpine (sha256:2e9b153526a4f3c6991cd1f02326be8ee0c984d727c659ab8ab2dabd57582f8d). I don't really want to get into the nitty gritty of which base image to use in such a tiny "getting started" guide though. The best advice I could give would be not to use docker at all, and out source the base image decision to a build tool.