It seems like your image does not show up on the mailing list.

best,
Colin

On Wed, Sep 1, 2021, at 06:26, Ashish Patil wrote:
> Hi Team
>
> I tried upgrading it to 2.13_2.8.0 but still have these vulnerabilities.
>
> What is your suggestion on this?
>
> Thanks
> Ashish
>
> *From:* Jake Murphy Smith <jake.murphysm...@gm.com>
> *Sent:* 01 September 2021 09:31
> *To:* Ashish Patil <ashish.pa...@gm.com>
> *Subject:* RE: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
>
> *From:* Luke Chen <show...@gmail.com>
> *Sent:* 01 September 2021 04:11
> *To:* Kafka Users <users@kafka.apache.org>
> *Cc:* d...@kafka.apache.org; Jake Murphy Smith <jake.murphysm...@gm.com>
> *Subject:* [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image
>
> *ATTENTION:* This email originated from outside of GM.
>
> Hi Ashish,
> I suggested that you upgrade to V2.8.
> I checked 2 of the CVEs, and they are fixed (or not used, like libfetch) in V2.8.
> If you still found the CVEs existed in V2.8, please raise it.
>
> Thank you.
> Luke
>
> On Wed, Sep 1, 2021 at 4:07 AM Ashish Patil <ashish.pa...@gm.com> wrote:
>> Hi Team
>>
>> I wanted to use the 2.6.0 docker image for Kafka but it has lots of security vulnerabilities.
>> Please find the below list of security vulnerabilities
>>
>> CVE-2021-36159
>> CVE-2020-25649 <https://github.com/advisories/GHSA-288c-cq4h-88gq>
>> CVE-2021-22926
>> CVE-2021-22922
>> CVE-2021-22924
>> CVE-2021-22922
>> CVE-2021-22924
>> CVE-2021-31535
>> CVE-2019-17571 <https://github.com/advisories/GHSA-2qrg-x229-3v8q>
>>
>> I did raise this issue here
>> https://github.com/wurstmeister/kafka-docker/issues/681 but it looks like
>> the issue is within the Kafka binary.
>>
>> Do we have any plan to fix this in the coming version or any suggestions
>> around this?
>>
>> Thanks
>> Ashish