In my [3.1-3.3] cluster, I have pulled down the updated
ose-sti-builder image that was patched for CVE-2018-1102. However, when I start new s2i builds, the system pulls an older image version.
# docker images <docker_registry>/openshift3/ose-sti-builder v184.108.40.206 b536950df3d8 11 days ago 1.05 GB <docker_registry>/openshift3/ose-sti-builder v220.127.116.11 6e0afbb1af12 12 months ago 472.9 MB
Our S2I build event logs show the old image being used:
9:32:25 PM Normal Pulled Successfully pulled image "openshift3/ose-sti-builder:v18.104.22.168" 9:32:25 PM Normal Created Created container with docker id <HASH> 9:32:25 PM Normal Started Started container with docker id <HASH> 9:32:16 PM Normal Pulling pulling image "openshift3/ose-sti-builder:v22.214.171.124" 9:32:15 PM Normal Scheduled Successfully assigned cakephp-example-1-build to <pod>
Red Hat OpenShift Container Platform v3.1-3.3
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.