
Odoo 16/15: Plans on upgrading to bookworm to fix Docker image vulnerabilities?

Open Pexers opened this issue 1 year ago • 3 comments

Plans on upgrading to bookworm to fix Docker image vulnerabilities?

There are multiple vulnerabilities identified within DockerHub that would be fixed by an upgrade from bullseye-slim to bookworm-slim for versions 15 & 16. One of these is PyYAML, where vulnerabilities can be found in versions below 5.4.

Is this something planned to be worked on in the near future? Thank you.

Pexers avatar Aug 09 '24 08:08 Pexers

up 👍🏻

sconetto avatar Aug 09 '24 12:08 sconetto

up 👍

otahmasebi avatar Sep 08 '24 08:09 otahmasebi

For Odoo 15 it won't work. The required version of wkhtmltopdf for Odoo 15 seems to be version 0.12.5-1 (https://github.com/odoo/odoo/wiki/Wkhtmltopdf), and that version has no package for bookworm.

For Odoo 16 it's just a matter of replacing all the words bullseye -> bookworm and updating the sha1-sums for the corresponding package files. If the Odoo devs can confirm that Odoo 15 works with a newer version of wkhtmltopdf, then it is an easy task to update the Dockerfile to bookworm.

hertell avatar Sep 08 '24 17:09 hertell