Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-4426

Fix Docker Hub Zookeeper-Versions to CVE-2021-44228

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • Critical
    • Resolution: Invalid
    • 3.4.13
    • None
    • None
    • None

    Description

      As we are faced with critical CVE-2021-44228 (log4shell) these days, we still await security patches to fix log4j vulnerabilities published on December 12th, 2021.

       

      In our  case we're running Apache Zookeeper via Docker, where unpatched versions still are available via the official Docker Image Repository. These images are shipped with jog4j and seem to not have recieved the critical security patches yet.

       

      e.g. v3.4.13:

      https://hub.docker.com/layers/zookeeper/library/zookeeper/3.4.13/images/sha256-4ebfb9474e726f6b43674d8c3772bcda07a810d1c420196c69de3bc173c69e48?context=explore

       

      When will these versions be updated in the Docker Repository to prevent users from being vulnerable with specific Zookeeper installations running?

      Attachments

        Issue Links

          relates to

          Bug - A problem which impairs or prevents the functions of the product. ZOOKEEPER-4484 Critical Security Vulnerabilities in Apache Zookeper image

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              iis-hmm IIS
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: