Hi Ashish,
I suggested that you upgrade to V2.8.
I checked 2 of the CVEs, and they are fixed (or not used, like libfetch) in
V2.8.
If you still find that the CVEs exist in V2.8, please raise it.

Thank you.
Luke




On Wed, Sep 1, 2021 at 4:07 AM Ashish Patil <ashish.pa...@gm.com> wrote:

> Hi Team
>
> I wanted to use the 2.6.0 docker image for Kafka but it has lots of
> security vulnerabilities.
> Please find the below list of security vulnerabilities
> CVE-2021-36159
> CVE-2020-25649 <https://github.com/advisories/GHSA-288c-cq4h-88gq>
> CVE-2021-22926
> CVE-2021-22922
> CVE-2021-22924
> CVE-2021-22922
> CVE-2021-22924
> CVE-2021-31535
> CVE-2019-17571 <https://github.com/advisories/GHSA-2qrg-x229-3v8q>
>
> I did raise this issue here
> https://github.com/wurstmeister/kafka-docker/issues/681 but it looks like
> the issue is within the Kafka binary.
>
> Do we have any plan to fix this in the coming version or any suggestions
> around this?
>
> Thanks
>
> Ashish
>