Official Docker Images And Security Updates


Hello,

It seems the official Docker images are missing some important security updates [1][2]. Does anyone have any insight into how these packages get built and when?

Their Dockerfile seems to come from here:
https://github.com/docker-library/official-images/blob/master/library/CentOS
(commit for “latest” says “update CentOS-7 – 20160331 – monthly build”).

In the official Docker documentation [2] they suggest not running `apt-get upgrade`, which I understood as don’t run `yum -y upgrade` for CentOS. Any advice on whether it’s best practice to always update packages or not?

Thank you, Giovanni

1 – http://pastie.org/pastes/10833370/text
2 – https://blog.docker.com/2016/05/docker-security-scanning/
3 – https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/