Vulnerability issues in Confluent images in version 7.3.1

Question

Vulnerability issues in Confluent images in version 7.3.1

vinodmur opened this issue 2 years ago · 3 comments

Hi Team,

We are using the following confluent images which are having vulnerability issues when scanned through twist cli & snyk. This restricts us from using the images for production environment.

confluentinc/cp-kafka-rest:7.3.1
confluentinc/cp-enterprise-control-center:7.3.1
confluentinc/cp-zookeeper:7.3.1
confluentinc/cp-server:7.3.1
confluentinc/cp-schema-registry:7.3.1
confluentinc/cp-kafka-connect-base:7.3.1

Can you suggest an upgraded version to fix the vulnerability issues

Answer 1 · 2023-02-06T16:21:51.000Z

Hello @vinodmur
Thank you for raising this issue. Can you provide more details about the vulnerabilities that restrict you from using the images in production? Confluent Platform updates (including image upgrades) are made available on a quarterly cadence.

Answer 2 · 2023-02-13T12:26:35.000Z

Hi @janjwerner-confluent.

Thanks much for your immediate response, please find attached the vulnerability scans for all the images.
twistlock_scans_2_7_23_12_31_31.csv
twistlock_scans_2_7_23_12_32_33.csv
twistlock_scans_2_7_23_12_36_11.csv
twistlock_scans_2_7_23_12_36_32.csv
twistlock_scans_2_7_23_12_36_49.csv
twistlock_scans_2_7_23_12_37_06.csv
twistlock_scans_2_7_23_12_37_24.csv

Answer 3 · 2023-02-13T14:58:27.000Z

Vinodmur
We are aware of the vulnerabilities listed in the scans provided and we expect to address them in the upcoming release. Confluent Platform updates (including image upgrades) are made available on a quarterly cadence.
Please reach out to Confluent Support https://www.confluent.io/confluent-cloud/support/ for any additional information