Log4j Vulnerability Fix - Docker Image

[ecetiner87]

Dear all,

As you know log4j vulnerability hits most of the applications during last 2 weeks. In our security scan; kafdrop-3.27 detected with this vulnerability. So we just moved it out from our current deployments but we really need it for our operation cycle.

Do you have any plan to update related vulnerable version in codebase and push a new docker image to dockerhub?

Best Regards

[kbudde]

The fix was merged some hours ago to master: #320
But no new image was deployed to dockerhub.

@ekoutanov It looks like travis is not connected to github anymore.

[davideicardi]

Closed in favor of #323 .
But I agree, it is high priority to try to restore Travis or any other CI/CD and release docker image.

[ecetiner87]

Thanks @davideicardi for notification. I will follow the progress with #323 .

Regards.

[davideicardi]

Published new docker image 3.28.0-SNAPSHOT with log4j fix.

[feli0821]

@davideicardi , where can i get it? I see the last update for docker was 8months ago. Thanks.

[fazla86]

@feli0821 you can see it on https://hub.docker.com/r/obsidiandynamics/kafdrop/tags?page=1&name=3.28.0-SNAPSHOT
docker pull obsidiandynamics/kafdrop:3.28.0-SNAPSHOT