Details
-
Improvement
-
Resolution: Won't Do
-
Major - P3
-
None
-
None
-
None
-
None
Description
The gosu tool we're installing inside the container is based on an old version of Go libraries. This is causing security scans to flag a potential vulnerability. We don't really need to use gosu for any specific reason, so we should just use sudo instead if we need root.
Note: This should be investigated after SERVER-71646 is done, since it's possible that we may not need to use sudo at all.