[ https://issues.apache.org/jira/browse/ZOOKEEPER-4426?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Patrick D. Hunt resolved ZOOKEEPER-4426.
----------------------------------------
Resolution: Invalid
The linked docker image is not maintained by the Apache community - see
https://hub.docker.com/_/zookeeper?tab=description
You'll need to communicate with (see the link above) to get that resolved, i.e.:
Maintained by: the Docker Community
Where to get help: the Docker Community Forums, the Docker Community Slack, or Stack Overflow
> Fix Zookeeper-Versions to CVE-2021-44228
> ----------------------------------------
>
> Key: ZOOKEEPER-4426
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4426
> Project: ZooKeeper
> Issue Type: Task
> Affects Versions: 3.4.13
> Reporter: IIS
> Priority: Critical
>
> As we are faced with critical
> [CVE-2021-44228|https://github.com/advisories/GHSA-jfh8-c2jp-5v3q]
> (log4shell) these days, we still await security patches to fix log4j
> vulnerabilities published on December 12th, 2021.
>
> In our case we're running Apache Zookeeper via Docker, where unpatched
> versions still are available via the official Docker Image Repository. These
> images are shipped with log4j and seem to not have received the critical
> security patches yet.
>
> e.g. v3.4.13:
> [https://hub.docker.com/layers/zookeeper/library/zookeeper/3.4.13/images/sha256-4ebfb9474e726f6b43674d8c3772bcda07a810d1c420196c69de3bc173c69e48?context=explore]
>
> When will these versions be updated in the Docker Repository to prevent users
> from being vulnerable with specific Zookeeper installations running?
--
This message was sent by Atlassian Jira
(v8.20.1#820001)