GitLab Docker images aren't using the latest Ubuntu base image
It seems GitLab’s docker images are being built using an old version of the Ubuntu 14.04 image. For example, the image for 8.3.2 is based on an Ubuntu image from November 9th, even though there was an update to the Ubuntu 14.04 image on December 8th.
This is a problem because it means the GitLab image isn’t getting the latest security patches. For instance, the version of libpng in the 8.3.2 image is still vulnerable to CVE-2015-7981 and CVE-2015-8126.
I think the simplest solution is to add the --pull flag to docker build, so that the build always uses the latest version of the Ubuntu 14.04 image.
Merge request included. :)
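
A check for the condition this issue describes, as an added example that is not part of the original report or of GitLab's build code: it compares the `RootFS.Layers` list from `docker image inspect` of a built image with that of a freshly pulled base image, since an image built on the current base starts with exactly the base's layers. The image names, JSON and layer digests below are constructed placeholders.

```python
import json


def _inspect(tag, layer_ids):
    """Build trimmed `docker image inspect` JSON (constructed sample data)."""
    return json.dumps([{"RepoTags": [tag],
                        "RootFS": {"Type": "layers", "Layers": layer_ids}}])


# Constructed samples: the digests are short placeholders, not real layers.
CACHED_BASE = _inspect("ubuntu:14.04", ["sha256:aaa1", "sha256:aaa2"])
PULLED_BASE = _inspect("ubuntu:14.04", ["sha256:aaa1", "sha256:bbb2"])
APP_IMAGE = _inspect("example/app:latest",
                     ["sha256:aaa1", "sha256:aaa2", "sha256:ccc1"])


def layers(inspect_json):
    """Return the ordered layer digests from `docker image inspect` output."""
    doc = json.loads(inspect_json)
    if isinstance(doc, list):
        if len(doc) != 1:
            raise ValueError("expected inspect output for exactly one image")
        doc = doc[0]
    found = (doc.get("RootFS") or {}).get("Layers")
    if not found:
        raise ValueError("no RootFS.Layers in inspect output")
    return found


def built_on(image_json, base_json):
    """True if the image's lowest layers are exactly the base image's layers."""
    image, base = layers(image_json), layers(base_json)
    # A shared first layer is not enough: every base layer must match in order.
    return len(image) >= len(base) and image[:len(base)] == base


if __name__ == "__main__":
    for name, base in (("cached base", CACHED_BASE),
                       ("freshly pulled base", PULLED_BASE)):
        state = "current" if built_on(APP_IMAGE, base) else "STALE"
        print(f"app image vs {name}: {state}")
```

In a build pipeline the two inputs would be the output of `docker image inspect` for the built image and for the base tag after a `docker pull`; a failed check means the image needs rebuilding against the updated base.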