Hi Team,

I tried upgrading it to 2.13_2.8.0 but still have these vulnerabilities.

What is your suggestion on this?

Thanks
Ashish

From: Jake Murphy Smith <jake.murphysm...@gm.com>
Sent: 01 September 2021 09:31
To: Ashish Patil <ashish.pa...@gm.com>
Subject: RE: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image

From: Luke Chen <show...@gmail.com>
Sent: 01 September 2021 04:11
To: Kafka Users <us...@kafka.apache.org>
Cc: dev@kafka.apache.org; Jake Murphy Smith <jake.murphysm...@gm.com>
Subject: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image

Hi Ashish,

I suggested that you upgrade to V2.8. I checked 2 of the CVEs, and they are fixed (or not used, like libfetch) in V2.8.
If you still find that the CVEs exist in V2.8, please raise it.

Thank you.
Luke

On Wed, Sep 1, 2021 at 4:07 AM Ashish Patil <ashish.pa...@gm.com> wrote:

Hi Team,

I wanted to use the 2.6.0 docker image for Kafka but it has lots of security vulnerabilities.

Please find below the list of security vulnerabilities:

CVE-2021-36159
CVE-2020-25649 <https://github.com/advisories/GHSA-288c-cq4h-88gq>
CVE-2021-22926
CVE-2021-22922
CVE-2021-22924
CVE-2021-22922
CVE-2021-22924
CVE-2021-31535
CVE-2019-17571 <https://github.com/advisories/GHSA-2qrg-x229-3v8q>

I did raise this issue here https://github.com/wurstmeister/kafka-docker/issues/681 but it looks like the issue is within the Kafka binary.

Do we have any plan to fix this in the coming version or any suggestions around this?

Thanks
Ashish