How to solve Java-based vulnerabilities found in the Snyk scan of Windows Docker images?

prashant chakurkar 0 Reputation points
2025-10-10T06:35:22.8666667+00:00

Hi Team,

I am running a Snyk scan for a Docker container where I am installing SQL 15. As base images, I am using the images below for 4 different containers:
Container 1: mcr.microsoft.com/windows/servercore:1809
Container 2: mcr.microsoft.com/windows/servercore:ltsc2019
Container 3: mcr.microsoft.com/windows/servercore:ltsc2022
Container 4: mcr.microsoft.com/windows/servercore:ltsc2022
and installing SQL 15 from:
exe - "https://download.microsoft.com/download/7/c/1/7c14e92e-bdcb-4f89-b7cf-93543e7112d1/SQLServer2019-DEV-x64-ENU.exe"

box - "https://download.microsoft.com/download/7/c/1/7c14e92e-bdcb-4f89-b7cf-93543e7112d1/SQLServer2019-DEV-x64-ENU.box"

In the scan result I am receiving the vulnerabilities below; I have mentioned the suggestions from Snyk as well:

  1. commons-collections:commons-collections@3.2.1 - Upgrade to commons-collections:commons-collections@3.2.2 required
  2. log4j:log4j@1.2.17 - not needed as EOL
  3. org.apache.hadoop:hadoop-common@2.6.0.2.2.0.0-2041 -- upgrade to 2.10.2 required
  4. org.apache.hadoop:hadoop-common@2.6.0.2.2.0.0-2041 -- upgrade to 2.10.2 required
  5. org.apache.hive:hive-exec@2.1.0

Is there a base image from Windows or a cumulative update for the mentioned images to solve the vulnerabilities during the scan? Please suggest.

Azure Container Instances

1 answer

  1. Himanshu Shekhar 1,935 Reputation points Microsoft External Staff Moderator
    2025-10-10T14:11:13.8566667+00:00

    Hello prashant chakurkar

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    Microsoft releases updated Windows Server Base OS container images monthly, on the second Tuesday of each month. Microsoft does not provide in-container patching; we should update base images by pulling newer Microsoft container images with the latest cumulative updates.

    How to automate rebuilding container images based on updated base images: https://learn.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/update-containers

    Configure Windows Server Core Windows Update: https://learn.microsoft.com/en-us/windows-server/administration/server-core/server-core-servicing?tabs=cmd%2Cupdate-powershell

    SQL Server 2019 latest cumulative updates: https://support.microsoft.com/en-us/topic/kb5010657-description-of-the-security-update-for-sql-server-2019-gdr-february-8-2022-49c03140-0495-4504-82cd-e920c2ea81bc

    Kindly let us know if the suggested steps help or you need further assistance on this issue.

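One way to see where the flagged Java libraries sit inside the image, so you can tell whether they live in base-image paths or under a directory created by the SQL Server install. This is an added example, not part of the original question or answer. It assumes the findings correspond to `.jar` files on the file system and that it is run in PowerShell inside a container started from the scanned image; the function name `Get-FlaggedJar` is hypothetical.

```powershell
# Added example (not from the thread). Assumption: findings map to .jar files on disk.
Add-Type -AssemblyName System.IO.Compression.FileSystem

# Artifact names copied from the scan result in the question.
$flagged = 'commons-collections', 'log4j', 'hadoop-common', 'hive-exec'

function Get-FlaggedJar {
    param([string]$Root = 'C:\', [string[]]$Artifact = $flagged)

    Get-ChildItem -Path $Root -Filter '*.jar' -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $jar = $_
        # 1) File-name match, e.g. log4j-1.2.17.jar
        foreach ($name in $Artifact) {
            if ($jar.Name -match ('^' + [regex]::Escape($name) + '-(\d.*)\.jar$')) {
                [pscustomobject]@{ Package = ('{0}@{1}' -f $name, $Matches[1]); Source = 'file name'; Jar = $jar.FullName }
            }
        }
        # 2) Maven metadata inside the archive; also finds copies bundled into
        #    another jar when that jar kept their pom.properties.
        try { $zip = [System.IO.Compression.ZipFile]::OpenRead($jar.FullName) }
        catch { return }    # locked or not a valid archive: skip this file
        try {
            foreach ($entry in $zip.Entries) {
                if ($entry.FullName -notmatch '^META-INF/maven/.+/pom\.properties$') { continue }
                $reader = New-Object System.IO.StreamReader($entry.Open())
                try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
                $p = @{}
                foreach ($line in ($text -split '\r?\n')) {
                    if ($line -match '^(groupId|artifactId|version)=(.*)$') { $p[$Matches[1]] = $Matches[2].Trim() }
                }
                if ($Artifact -contains $p['artifactId']) {
                    [pscustomobject]@{
                        Package = '{0}:{1}@{2}' -f $p['groupId'], $p['artifactId'], $p['version']
                        Source  = 'pom.properties'
                        Jar     = $jar.FullName
                    }
                }
            }
        }
        finally { $zip.Dispose() }
    }
}

# Group by directory to see which installed component ships each flagged library.
Get-FlaggedJar | Group-Object { Split-Path $_.Jar -Parent } | ForEach-Object {
    '{0}  ({1} hit(s))' -f $_.Name, $_.Count
    $_.Group | ForEach-Object { '    {0,-60} [{1}]' -f $_.Package, $_.Source }
}
```

Running the same script in a container started from the unmodified base image gives a baseline to compare against.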
