Uploaded image for project: 'Solr'
  1. Solr
  2. SOLR-15850

Not all docker tags are updated for CVE-2021-44228

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Critical
    • Resolution: Fixed
    • 7.5
    • None
    • documentation
    • None

    Description

      As we are faced with critical CVE-2021-44228 (log4shell) these days, we still await security patches to fix log4j vulnerabilities published on December 12th, 2021.

       

      In our  case we're running Apache SOLR via Docker, where some image versions have been patched very quickly, but still some image versions float around in the official Docker Hub without having recieved the critical security patches.

       

      e.g. v7.5.0:

      https://hub.docker.com/layers/solr/library/solr/7.5.0/images/sha256-e3db40fa85e7115d2d1d3eb06f7555b6132e33bd3b6e91b17c0a1690122a7acc?context=explore

       

      When will these versions be updated in the Docker Repository to prevent users from being vulnerable with specific SOLR installations running?

      Attachments

        Activity

          People

            janhoy Jan Høydahl
            iis-hmm IIS
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: