How to fix Keycloak 14 Vulnerable RPMs

We are using Keycloak 14 (container) and our scanner is complaining about a few vulnerable RPMs available in the container. One example is glibc-2.28-164.el8_5.3.x86_64.rpm, which can be fixed by upgrading to glibc-2.35.

We have added “yum update -y” on top of the Keycloak image in our Dockerfile, which is supposed to take care of updating all the existing RPMs to the latest versions.

FROM jboss/keycloak:14.0.0

USER root
RUN microdnf install yum && yum clean all && yum update -y 

However, the “yum update” call is not able to fetch the latest repo. The possible reason could be the use of a bare-minimum “Universal Base Image” (RHEL) in the Keycloak container.

Has anyone fixed this issue? What are the best practices to fix this ongoing issue? Should we go for a custom image that has our full Linux and JDK with the Keycloak jar on top of it?