openzipkin/zipkin-gcp

Update Zipkin to address Apache Log4j 2 CVE-2021-44228

DannyPat44 opened this issue · 3 comments

Upgrade Docker Image to pull newest version of Zipkin that contains the patch for the Apache Log4j 2 CVE-2021-44228 vulnerability. Zipkin has merged a fix for the issue here: openzipkin/zipkin#3402 and is getting ready to release a patched version. The GCP docker image should be updated to this version once released.

Docker Image:

ARG zipkin_version=2.23.2

Vulnerability reference: https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/

The following release has the fix: 2.23.4.

Thanks for this issue. Also, the pom file should be changed:

<zipkin.version>2.23.2</zipkin.version>

Do you mind opening a PR using 2.23.15?

Closed by #195
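
The thread names two places where the Zipkin version is pinned, the Dockerfile `ARG zipkin_version` and the pom `<zipkin.version>` property. The following is an added example, not part of the issue or of the project's code: a check that both pins are at or above the release the thread names as fixed (2.23.4) and agree with each other, comparing versions numerically so that 2.23.15 is not mistaken for older than 2.23.4. The function names and the sample file contents are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

PATCHED = "2.23.4"  # release the thread names as having the fix

# Constructed sample inputs built around the two lines quoted in the issue.
SAMPLE_DOCKERFILE = "FROM scratch\nARG zipkin_version=2.23.2\n"
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><zipkin.version>2.23.2</zipkin.version></properties>
</project>"""


def parse_version(text):
    """'2.23.15' -> (2, 23, 15), so 2.23.15 sorts after 2.23.4."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"not a plain dotted version: {text!r}")
    return tuple(int(part) for part in text.split("."))


def dockerfile_pin(dockerfile):
    """Value of the `ARG zipkin_version=` line, or None if absent."""
    m = re.search(r"^\s*ARG\s+zipkin_version=(\S+)", dockerfile, re.MULTILINE)
    return m.group(1) if m else None


def pom_pin(pom_xml):
    """Text of the <zipkin.version> property, ignoring the XML namespace."""
    for el in ET.fromstring(pom_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "zipkin.version":
            return (el.text or "").strip()
    return None


def check_pins(dockerfile, pom_xml, minimum=PATCHED):
    """Return a list of findings; an empty list means both pins are OK."""
    pins = {"Dockerfile": dockerfile_pin(dockerfile), "pom.xml": pom_pin(pom_xml)}
    findings = []
    for where, value in pins.items():
        try:
            if value is None:
                findings.append(f"{where}: zipkin version pin not found")
            elif parse_version(value) < parse_version(minimum):
                findings.append(f"{where}: {value} is older than {minimum}")
        except ValueError as exc:
            findings.append(f"{where}: {exc}")
    if None not in pins.values() and len(set(pins.values())) > 1:
        findings.append(f"pins disagree: {pins}")
    return findings


if __name__ == "__main__":
    for finding in check_pins(SAMPLE_DOCKERFILE, SAMPLE_POM):
        print(finding)
```

A check like this only covers the pinned Zipkin version; it does not inspect which Log4j jar actually ends up in the built image.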