"This image has vulnerabilities" on Docker Hub

[teohhanhui]

No description provided.

[willfarrell]

fpm-7-alpine: libxml2, sqlite3 3.0.0, file 5.5, file 5.4, file 5.2, pcre 8.38 are listed to have several major and severe vulnerabilities

[felixsand]

Is anyone looking into this issue...?
It's not very reassuring if this hasn't been corrected since this issue opened on the 15 Jun 2016.

https://hub.docker.com/r/library/php/tags/

[tianon]

Sorry for missing this one -- we get these reports quite often, and they usually involve a large amount of digging which ends up in very little which is actionable. See docker-library/official-images#2740 for a fairly recent example where @yosifkit dove into a lot of these reports and found most of them to be either false positives or out of our hands (because Debian upstream hasn't patched the vulnerabilities either, for whatever reason, although usually because they looked into it and deemed it to be a minor issue).

If there are actionable items we can resolve, we're happy to do so (and do so actively).

Thanks!