fix(provisioning|remoting): in the case of non-standard base images (…

…RDF4JSDK/Ontop) we may cater for high vulnerabilities.

provisioning/src/main/docker/Dockerfile

@@ -56,11 +56,16 @@ RUN if [ "${HTTP_PROXY}" != ""  ]; then \
         echo "Acquire::http::Proxy \"${HTTP_PROXY}\"" >> /etc/apt/apt.conf.d/proxy.conf; \
         echo "Acquire::https::Proxy \"${HTTP_PROXY}\"" >> /etc/apt/apt.conf.d/proxy.conf; \
     fi && \
+    apt-get -y upgrade && \
+    apt-get -y update && \
+    apt-get -y install libc6=2.35-0ubuntu3.4 && \
+    apt-get -y install libc-bin=2.35-0ubuntu3.4 && \
     rm /opt/ontop/lib/guava-*.jar && \
     rm /opt/ontop/lib/tomcat-embed-*.jar && \
     rm /opt/ontop/lib/spring-*.jar && \
     mkdir -p /opt/ontop/jdbc && \
     for jdbcDriver in "$jdbcDrivers"; do wget --no-check-certificate -q -P /opt/ontop/jdbc ${jdbcDriver} ; done && \
+    apt-get -y --auto-remove remove wget && \
     if [ "${HTTP_PROXY}" != ""  ]; then rm -f /etc/apt/apt.conf.d/proxy.conf; fi && \
     mkdir -p /opt/ontop/input && \
     mkdir -p /opt/ontop/database && \

remoting/src/main/docker/Dockerfile

@@ -92,6 +92,7 @@ RUN	mkdir -p /var/rdf4j/server/conf && \
     rm /usr/local/tomcat/conf/web.xml && \
     chown -R tomcat:tomcat /var/rdf4j /usr/local/tomcat && \
     apt-get -y --auto-remove remove unzip && \
+    apt-get -y --auto-remove remove wget && \
 	chmod 775 /usr/local/tomcat /usr/local/tomcat/bin /usr/local/tomcat/bin/catalina.sh /var/rdf4j/server 
 
 COPY --from=build /opt/lib/*.jar /usr/local/tomcat/webapps/rdf4j-server/WEB-INF/lib/