RE: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image

2021-09-01 Thread Ashish Patil
Hi Team

I tried upgrading it to 2.13_2.8.0 but still have these vulnerabilities.

What is your suggestion on this?

Thanks
Ashish

From: Jake Murphy Smith 
Sent: 01 September 2021 09:31
To: Ashish Patil 
Subject: RE: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image



From: Luke Chen <show...@gmail.com>
Sent: 01 September 2021 04:11
To: Kafka Users <us...@kafka.apache.org>
Cc: dev@kafka.apache.org; Jake Murphy Smith <jake.murphysm...@gm.com>
Subject: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image


Hi Ashish,
I suggested that you upgrade to V2.8.
I checked 2 of the CVEs, and they are fixed (or not used, like libfetch) in V2.8.
If you still find that the CVEs exist in V2.8, please raise it.

Thank you.
Luke




On Wed, Sep 1, 2021 at 4:07 AM Ashish Patil <ashish.pa...@gm.com> wrote:

Hi Team

I wanted to use the 2.6.0 docker image for Kafka but it has lots of security 
vulnerabilities.
Please find the below list of security vulnerabilities
CVE-2021-36159
CVE-2020-25649 <https://github.com/advisories/GHSA-288c-cq4h-88gq>
CVE-2021-22926
CVE-2021-22922
CVE-2021-22924
CVE-2021-22922
CVE-2021-22924
CVE-2021-31535
CVE-2019-17571 <https://github.com/advisories/GHSA-2qrg-x229-3v8q>

I did raise this issue here 
https://github.com/wurstmeister/kafka-docker/issues/681 but it looks like the 
issue is within the Kafka binary.



Do we have any plan to fix this in the coming version or any suggestions around 
this?
Thanks
Ashish


Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image

2021-08-31 Thread Ashish Patil
Hi Team

I wanted to use the 2.6.0 docker image for Kafka but it has lots of security 
vulnerabilities.
Please find the below list of security vulnerabilities
CVE-2021-36159
CVE-2020-25649
CVE-2021-22926
CVE-2021-22922
CVE-2021-22924
CVE-2021-22922
CVE-2021-22924
CVE-2021-31535
CVE-2019-17571

I did raise this issue here 
https://github.com/wurstmeister/kafka-docker/issues/681 but it looks like the 
issue is within the Kafka binary.

Do we have any plan to fix this in the coming version or any suggestions around 
this?
Thanks
Ashish