Hi All!
I have been digging into the security vulnerabilities around the DataHub canned images. It looks to me like all of the remaining vulnerabilities are coming from usage of Docker’s default Python image, which appears to be based on a vulnerable Debian base Linux distro, at least for the severe vulnerabilities. These vulnerabilities were identified at least a year-ish ago, and as far as I can tell whoever owns this image just does not seem to care about it.
I think as an org / community DataHub should care about this! (One guy’s opinion!!) So IMHO a better base Python image is needed. Not sure of the best way to make that happen, but there it is.