IIS created ZOOKEEPER-4426:
------------------------------

             Summary: Fix Zookeeper-Versions to CVE-2021-44228
                 Key: ZOOKEEPER-4426
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4426
             Project: ZooKeeper
          Issue Type: Task
    Affects Versions: 3.4.13
            Reporter: IIS


As we are faced with critical 
[CVE-2021-44228|https://github.com/advisories/GHSA-jfh8-c2jp-5v3q] (log4shell) 
these days, we still await security patches to fix log4j vulnerabilities 
published on December 12th, 2021.

 

In our case we're running Apache Zookeeper via Docker, where unpatched 
versions still are available via the official Docker Image Repository. These 
images are shipped with log4j and seem to not have received the critical 
security patches yet.

 

e.g. v3.4.13:

[https://hub.docker.com/layers/zookeeper/library/zookeeper/3.4.13/images/sha256-4ebfb9474e726f6b43674d8c3772bcda07a810d1c420196c69de3bc173c69e48?context=explore]

 

When will these versions be updated in the Docker Repository to prevent users 
from being vulnerable with specific Zookeeper installations running?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
