elkozmon / zoonavigator

Web-based ZooKeeper UI / editor / browser
https://zoonavigator.elkozmon.com
GNU Affero General Public License v3.0

Zoonavigator upgrade due to EOL versions of software, Kubernetes cgroupv2 problems & potential security vulnerabilities #86

Closed jorkanofaln closed 2 months ago

jorkanofaln commented 1 year ago

Hello,

Looking at your Dockerfile used to build zoonavigator, I've discovered a few issues which may cause security vulnerabilities if they are not remediated. The first issue is the version of Ubuntu used as the base for the Docker image (version 18.04 has been EOL since May 31st of this year: https://techcommunity.microsoft.com/t5/azure-compute-blog/canonical-ubuntu-18-04-lts-reaching-end-of-standard-support/ba-p/3822623). In addition, there is an install of the python2 development libraries, which are no longer included in Ubuntu since 20.04 due to the python2 EOL date back in 2020: https://www.python.org/doc/sunset-python-2/. In Kubernetes since version 1.25, there is a problem with memory saturation as described here: https://learn.microsoft.com/en-us/troubleshoot/azure/azure-kubernetes/aks-memory-saturation-after-upgrade. Would it be possible to upgrade the Dockerfile image version from Ubuntu 18.04 LTS to Ubuntu 22.04 LTS and to use OpenJDK 17 as the Java version in the next release of Zoonavigator? Is it also possible to prioritize this issue, since it may cause security vulnerabilities and support issues with regard to managed Kubernetes services such as Azure Kubernetes Service, Google Kubernetes Engine or Elastic Kubernetes Service (AWS) in the future?

Looking forward to your answers

Regards,

Jorkano

elkozmon commented 1 year ago

Hi,

Thanks for letting me know :)

I have updated the parent images, but I ran into some trouble with the python2 dependency. I didn't have much time to dig deeper yet, but it seems I'll have to update the UI's dependencies for that one.

I intend to make a new release sometime this month that should address everything you mentioned.

piotrrybicki commented 2 months ago

Hi. It would be super nice to see a new version of Zoonavigator released (including the Docker image) with those updates.

Best regards & thanks for making Zoonavigator :-)

elkozmon commented 2 months ago

Hey :) I know it has been long overdue but I just released version 1.1.3 with Ubuntu 22.04 and OpenJDK 17 as requested. Cheers!

elkozmon commented 2 months ago

Oh, almost forgot to mention, big thanks to @simoncaron for sorting out the broken builds! 🚀