Zookeeper needs to be bumped to 3.8.3 in order to fix a series of identified CRITICAL CVEs #585
Comments
@pandoscas I have updated zookeeper to 3.8.3 for vulnerability remediation. docker/Dockerfile (updated base image version of zk). Looks like these two are the only files to be modified to make it 3.8.3.
Yes, from what I could tell, even on other repositories that would close not only the CVEs I referred to but also a good number of other vulnerabilities.
@subhranil05 There is one issue with scaling in this image: https://issues.apache.org/jira/browse/ZOOKEEPER-4530
Nice find! I can see if the CVEs were fixed under 3.7. |
@anishakj thanks for pointing it out, will check with 3.7.2 |
Already checked the vulnerabilities with 3.7.2; no CRITICAL ones were found there.
I can commit the change right away if 3.7 is OK.
sure, please |
@pandoscas What is the status with 3.7.2? Is it working fine with scale-in?
PR is here: #586. |
@pandoscas Could you please update the README to |
One question @anishakj how can I request the creation of a |
u can create build by using |
Hi @anishakj, |
Description
While running trivy to look for vulnerabilities in the latest 0.2.15 images, the report returned multiple CRITICAL CVEs in the zookeeper image that have been resolved in the latest stable 3.8.3.
I have attached to this issue the report extracted from trivy, but the CRITICAL CVEs found are:
CVE-2023-38545
CVE-2021-32292
CVE-2022-3515
CVE-2022-47629
CVE-2022-1586
CVE-2022-1587
CVE-2021-46848
CVE-2022-37434
CVE-2023-44981
vulnerability_zookeeper_operator_upgrade.json
Importance
must-have
Location
Zookeeper image
Suggestions for an improvement
Bump the zookeeper docker image to version 3.8.3, which is the latest stable version.
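The way a maintainer would normally settle the question raised in this thread (does a base-image bump actually close the CRITICAL findings, and does the candidate image pass a CRITICAL-severity gate?) is to diff two Trivy JSON reports, one for the current image and one for a rebuilt candidate. The script below is an added example and is not code from this issue or from the zookeeper-operator project. It parses the schema v2 layout that `trivy image --format json` writes. The two embedded reports are constructed samples: the CVE IDs are the ones listed in the issue, but the artifact names, the package each CVE is attributed to, and every version string are assumptions for illustration and are not taken from the attached vulnerability_zookeeper_operator_upgrade.json.

```python
"""Added example: compare Trivy JSON reports (schema v2) to see whether an
image bump closes the CRITICAL findings of the current image.
Not code from the pravega/zookeeper-operator project or this issue."""
import json

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}


def _vuln(cve, pkg, installed, fixed, severity="CRITICAL"):
    """Build one Trivy-style vulnerability entry (only the fields used below)."""
    return {"VulnerabilityID": cve, "PkgName": pkg, "InstalledVersion": installed,
            "FixedVersion": fixed, "Severity": severity}


# Constructed sample: scan of the current image. Artifact name, package
# attribution and version strings are assumed; the CVE IDs come from the issue.
CURRENT_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "zookeeper-current:0.2.15",
    "Results": [
        {"Target": "zookeeper-current:0.2.15 (debian 11)", "Class": "os-pkgs",
         "Type": "debian",
         "Vulnerabilities": [
             _vuln("CVE-2023-38545", "libcurl4", "7.74.0-1.3+deb11u7", "7.74.0-1.3+deb11u10"),
             _vuln("CVE-2022-37434", "zlib1g", "1:1.2.11.dfsg-2", "1:1.2.11.dfsg-2+deb11u2"),
             _vuln("CVE-2022-1586", "libpcre2-8-0", "10.36-2", "10.36-2+deb11u1"),
             _vuln("CVE-2022-1587", "libpcre2-8-0", "10.36-2", "10.36-2+deb11u1"),
         ]},
        {"Target": "Java", "Class": "lang-pkgs", "Type": "jar",
         "Vulnerabilities": [
             _vuln("CVE-2023-44981", "org.apache.zookeeper:zookeeper", "3.8.0",
                   "3.7.2, 3.8.3, 3.9.1"),
         ]},
    ],
})

# Constructed sample: scan of a candidate image rebuilt on zookeeper 3.7.2.
# Trivy omits the "Vulnerabilities" key entirely for a clean target, so the
# parser has to tolerate both a missing key and an empty list.
CANDIDATE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "zookeeper-candidate:3.7.2",
    "Results": [
        {"Target": "zookeeper-candidate:3.7.2 (debian 11)", "Class": "os-pkgs", "Type": "debian"},
        {"Target": "Java", "Class": "lang-pkgs", "Type": "jar", "Vulnerabilities": []},
    ],
})


def findings(report_json, min_severity="CRITICAL"):
    """Return {CVE id: {pkg, installed, fixed, severity, target}} for every
    finding at or above min_severity. A CVE reported against several packages
    is kept once, keyed by its first occurrence."""
    threshold = SEVERITY_RANK[min_severity]
    report = json.loads(report_json)
    if report.get("SchemaVersion") != 2:
        raise ValueError("expected Trivy JSON schema version 2")
    out = {}
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:
            sev = v.get("Severity", "UNKNOWN").upper()
            if SEVERITY_RANK.get(sev, 0) < threshold:
                continue
            out.setdefault(v["VulnerabilityID"], {
                "pkg": v["PkgName"],
                "installed": v.get("InstalledVersion", ""),
                "fixed": v.get("FixedVersion", ""),
                "severity": sev,
                "target": result.get("Target", ""),
            })
    return out


def bump_closes(current_json, candidate_json, min_severity="CRITICAL"):
    """Diff two reports; return (closed, remaining, introduced) sets of CVE ids."""
    before = set(findings(current_json, min_severity))
    after = set(findings(candidate_json, min_severity))
    return before - after, before & after, after - before


def gate(report_json, min_severity="CRITICAL"):
    """CI gate: True when the image has no finding at or above min_severity,
    the same decision `trivy image --exit-code 1 --severity CRITICAL` makes."""
    return not findings(report_json, min_severity)


if __name__ == "__main__":
    for cve, f in sorted(findings(CURRENT_REPORT).items()):
        print(f"{cve:16} {f['pkg']:32} {f['installed']} -> fixed in {f['fixed'] or 'n/a'}")
    closed, remaining, introduced = bump_closes(CURRENT_REPORT, CANDIDATE_REPORT)
    print(f"closed={sorted(closed)} remaining={sorted(remaining)} introduced={sorted(introduced)}")
    print("candidate passes CRITICAL gate:", gate(CANDIDATE_REPORT))
```

In a pipeline the two inputs would come from `trivy image --format json --output current.json <current image>` and the same command against the rebuilt candidate; the `introduced` set is the part worth watching, since a bump that moves to a different base image can pick up findings the old one never had, and the thread's note about ZOOKEEPER-4530 shows that passing the vulnerability gate is not the only acceptance criterion for a bump.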