Reply to post:

DevOps to DevOops: Docker Hub proves so secure that 430 Docker images out of 2,500 have no vulnerabilities

Simian Surprise

> The worst offender is the jackson-databind-2.4.0 package...

IIRC 2.4 is pretty old (for the modern software release cadence) and is known to be an insecure pile of trouble. In fairness to Tatu and company, newer versions are more secure. It seems a bit disingenuous to point at such packages and say "oh no, insecure code!".


Biting the hand that feeds IT © 1998–2020