IIS created ZOOKEEPER-4426:
------------------------------

Summary: Fix Zookeeper-Versions to CVE-2021-44228
Key: ZOOKEEPER-4426
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4426
Project: ZooKeeper
Issue Type: Task
Affects Versions: 3.4.13
Reporter: IIS

As we are faced with critical [CVE-2021-44228|https://github.com/advisories/GHSA-jfh8-c2jp-5v3q] (log4shell) these days, we still await security patches to fix log4j vulnerabilities published on December 12th, 2021.

In our case we're running Apache Zookeeper via Docker, where unpatched versions are still available via the official Docker Image Repository. These images are shipped with log4j and seem not to have received the critical security patches yet.

e.g. v3.4.13:
[https://hub.docker.com/layers/zookeeper/library/zookeeper/3.4.13/images/sha256-4ebfb9474e726f6b43674d8c3772bcda07a810d1c420196c69de3bc173c69e48?context=explore]

When will these versions be updated in the Docker Repository to prevent users from being vulnerable with specific Zookeeper installations running?

--
This message was sent by Atlassian Jira (v8.20.1#820001)