31z4 / zookeeper-docker

Docker image packaging for Apache Zookeeper
MIT License

Vulnerable Zookeeper-Images using log4j #128

Closed nubam closed 2 years ago

nubam commented 2 years ago

We still don't see any updates to docker image versions vulnerable to critical CVE-2021-44228 (log4shell).

In our case we're using v3.4.13: https://hub.docker.com/layers/zookeeper/library/zookeeper/3.4.13/images/sha256-4ebfb9474e726f6b43674d8c3772bcda07a810d1c420196c69de3bc173c69e48?context=explore

When will these versions be patched and updated in your docker repository?

31z4 commented 2 years ago

Zookeeper is not affected because it still uses log4j 1.x. See https://blogs.apache.org/security/entry/cve-2021-44228 and https://issues.apache.org/jira/browse/ZOOKEEPER-4423. Also, note that the Docker image for 3.4 is no longer maintained due to End-of-Life (1st June, 2020).
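One way to check the point made in the reply above on an unpacked image filesystem, as an added example that is not part of this thread or of the zookeeper-docker project: it classifies every jar by whether it carries the log4j-core 2.x `JndiLookup` class or only log4j 1.x API classes. The function names and sample jar names are hypothetical, and the sample jars are constructed with empty class files.

```python
import re
import tempfile
import zipfile
from pathlib import Path

JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"  # log4j-core 2.x only
LOG4J1_CLASS = "org/apache/log4j/Logger.class"  # log4j 1.x API class
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def core_version(zf):
    """Read the log4j-core version from its Maven metadata, if the jar carries it."""
    if POM_PROPS not in zf.namelist():
        return None
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", zf.read(POM_PROPS).decode(), re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def classify(jar):
    """Classify one jar with respect to CVE-2021-44228 only."""
    with zipfile.ZipFile(jar) as zf:
        names = set(zf.namelist())
        if JNDI_LOOKUP in names:  # class-based, so shaded/fat jars are caught too
            v = core_version(zf)
            if v is None:
                return "log4j-core 2.x, version unknown: inspect manually"
            fixed = (v >= (2, 15, 0) or (v[:2] == (2, 12) and v >= (2, 12, 2))
                     or (v[:2] == (2, 3) and v >= (2, 3, 1)))  # 2.12.x / 2.3.x backports
            return "log4j-core 2.x, patched release" if fixed else "log4j-core 2.x, AFFECTED"
        if LOG4J1_CLASS in names:
            return "log4j 1.x API classes, no JndiLookup"
    return "no log4j classes"

def scan(root):
    """Map every jar under root (e.g. an unpacked image filesystem) to its verdict."""
    return {p.name: classify(p) for p in sorted(Path(root).rglob("*.jar"))}

def build_sample(root):
    """Write constructed sample jars (empty class files); not real artifacts."""
    def jar(name, entries):
        with zipfile.ZipFile(Path(root) / name, "w") as zf:
            for entry, body in entries.items():
                zf.writestr(entry, body)
    jar("log4j-1.2.17.jar", {LOG4J1_CLASS: ""})
    jar("app-shaded.jar", {JNDI_LOOKUP: "", POM_PROPS: "version=2.14.1\n"})
    jar("log4j-core-2.17.1.jar", {JNDI_LOOKUP: "", POM_PROPS: "version=2.17.1\n"})

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        print(scan(d))
```

Checking for the class rather than the file name also reports a jar as unaffected once `JndiLookup.class` has been stripped from it.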