[
https://issues.apache.org/jira/browse/SOLR-15850?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
IIS reopened SOLR-15850:
------------------------
> Not all docker tags are updated for CVE-2021-44228
> --------------------------------------------------
>
> Key: SOLR-15850
> URL: https://issues.apache.org/jira/browse/SOLR-15850
> Project: Solr
> Issue Type: Task
> Components: documentation
> Affects Versions: 7.5
> Reporter: IIS
> Assignee: Jan Høydahl
> Priority: Critical
>
> As we are faced with critical
> [CVE-2021-44228|https://github.com/advisories/GHSA-jfh8-c2jp-5v3q]
> (log4shell) these days, we still await security patches to fix log4j
> vulnerabilities published on December 12th, 2021.
>
> In our case we're running Apache SOLR via Docker, where some image versions
> have been patched very quickly, but still some image versions float around in
> the official Docker Hub without having recieved the critical security patches.
>
> e.g. v7.5.0:
> [https://hub.docker.com/layers/solr/library/solr/7.5.0/images/sha256-e3db40fa85e7115d2d1d3eb06f7555b6132e33bd3b6e91b17c0a1690122a7acc?context=explore]
>
> When will these versions be updated in the Docker Repository to prevent users
> from being vulnerable with specific SOLR installations running?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
