In my [3.1-3.3] cluster, I have pulled down the updated
ose-sti-builder image that was patched for CVE-2018-1102. However, when I start new s2i builds, the system pulls an older image version.
# docker images <docker_registry>/openshift3/ose-sti-builder v126.96.36.199 b536950df3d8 11 days ago 1.05 GB <docker_registry>/openshift3/ose-sti-builder v188.8.131.52 6e0afbb1af12 12 months ago 472.9 MB
Our S2I build event logs show the old image being used:
9:32:25 PM Normal Pulled Successfully pulled image "openshift3/ose-sti-builder:v184.108.40.206" 9:32:25 PM Normal Created Created container with docker id <HASH> 9:32:25 PM Normal Started Started container with docker id <HASH> 9:32:16 PM Normal Pulling pulling image "openshift3/ose-sti-builder:v220.127.116.11" 9:32:15 PM Normal Scheduled Successfully assigned cakephp-example-1-build to <pod>
Red Hat OpenShift Container Platform v3.1-3.3
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.