Hi Kristof!
There's a note in the Overview tab on that Docker Hub page that says:
IMPORTANT - IBM Security Access Manager will no longer host images on Docker Hub after December 31st, 2022. Images can now be accessed via IBM container registry. More details regarding this new location can be found at the following URL: https://docs.verify.ibm.com/ibm-security-verify-access/docs/containersI'm also referring to this IBM Support note:
https://www.ibm.com/support/pages/node/6830213Example: the below command will pull the verify-access-openldap:10.0.4.0_IF1
docker pull icr.io/isva/verify-access-openldap:10.0.4.0_IF1
And remember: the verify-access-openldap image is only designed to be used in test environments. If you want to use openldap in production you should obtain a supported version of openldap.
Cheers, Peter.
------------------------------
Peter Volckaert
Senior Sales Engineer
Authentication and Access
IBM Security
------------------------------
Original Message:
Sent: Mon November 21, 2022 01:29 AM
From: Kristof Goossens
Subject: openssl CVE-2022-3786 and CVE-2022-3602 (openssl)
Hi,
I noticed the docker images ibmcom/isam-openldap (at least tag 9.0.7.2_IF3) is vulnerable to CVE-2022-3786 and CVE-2022-3602.
I've been keeping an eye on the docker hub, but didn't see new images become available that fixed these CVEs. Are there plans to release images that address these issues?
On a side note: I use aquasec/trivy to scan docker images, which can yield interesting results for any image you are using...
------------------------------
Kristof Goossens
------------------------------