Hi Matthias,
Thanks for your interest in our product. There are a few aspects to your question, and I’ll try to answer them all here.
In addition to the :latest tag, we also publish an :edge tag. A few of the vulnerabilities you mentioned have already been fixed in our :edge release.
Our container is based on the Red Hat Universal Basic Image (UBI). We rely on vulnerability fixes within the UBI, and some of these vulnerabilities do not have available fixes. Sometimes Red Hat chooses not to release a fix at all (the CVE-2018 vulnerabilities are examples of this).
The remainder of the vulnerabilities you mentioned will be resolved in an upcoming release.
Finally, I’d like to strongly caution you against updating our Docker container yourself. There is a chance that problems will be introduced with updated libraries, and Solace has not certified our broker with these versions of libraries.
Judd