Closed Debanjan05 closed 1 year ago
Closing this because most of the issues should be fixed in the newest `3.7.1-temurin` tag. Specifically:

- `3.7.0` and `3.7.1` are no longer maintained because they were based on the completely deprecated `openjdk` image.
- `libc` is upgraded to `2.35-0ubuntu3.1` in `3.7.1-temurin`.
- `log4j` should have been fixed by the upstream in `3.7.1`. See https://issues.apache.org/jira/browse/ZOOKEEPER-4452 and https://issues.apache.org/jira/browse/ZOOKEEPER-4455

We have found the below list of CRITICAL security vulnerabilities present in the official zookeeper image -

| Vulnerability ID | Component | Infected versions | Fixed versions |
| --- | --- | --- | --- |
| CVE-2021-33574 | debian:bullseye:libc6:2.31-13+deb11u2 | N/A | N/A |
| XRAY-179837 | io.netty:netty-codec:4.1.59.Final | < 4.1.66.Final | 4.1.66.Final |
| CVE-2022-23307 | log4j:log4j:1.2.17 | All Versions | N/A |
| CVE-2019-17571 | log4j:log4j:1.2.17 | ≤ 1.2.17 | N/A |
| CVE-2022-23305 | log4j:log4j:1.2.17 | 1.1.0 ≤ Version ≤ 1.2.17 | N/A |
| CVE-2022-23219 | debian:bullseye:libc6:2.31-13+deb11u2 | N/A | N/A |
| CVE-2022-23218 | debian:bullseye:libc6:2.31-13+deb11u2 | N/A | N/A |

Can you please help us with the fix or update us on the release of security patches and also their respective timelines?