This is an automated email from the ASF dual-hosted git repository.

chia7712 pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/trunk by this push:
     new 23bce3d4cab KAFKA-20446 KAFKA-20447: Fix CVE-2026-28390 and CVE-2026-22184 (#22053)
23bce3d4cab is described below

commit 23bce3d4cab96306d107f41647f5d494bacf6862
Author: PoAn Yang <[email protected]>
AuthorDate: Wed Apr 15 00:40:21 2026 +0900

    KAFKA-20446 KAFKA-20447: Fix CVE-2026-28390 and CVE-2026-22184 (#22053)
    
    Fix CVE for libcrypto3, libssl3, and zlib. We can remove these if alpine
    updates the default version.
    
    Reviewers: Chia-Ping Tsai <[email protected]>, Ken Huang
     <[email protected]>
---
 docker/native/Dockerfile | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/docker/native/Dockerfile b/docker/native/Dockerfile
index 1a574397cfe..3e863633926 100644
--- a/docker/native/Dockerfile
+++ b/docker/native/Dockerfile
@@ -57,6 +57,8 @@ LABEL org.label-schema.name="kafka" \
       org.opencontainers.image.authors="Apache Kafka"
 
 RUN apk update ; \
+    # Fix CVE-2026-28390 and CVE-2026-22184. Remove this if alpine:latest is 
updated to a version that has these CVEs fixed.
+    apk upgrade --no-cache libcrypto3 libssl3 zlib; \
     apk add --no-cache gcompat ; \
     apk add --no-cache bash ; \
     mkdir -p /etc/kafka/docker /mnt/shared/config /opt/kafka/config 
/etc/kafka/secrets ; \
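
Review bot: The added `apk upgrade --no-cache libcrypto3 libssl3 zlib; \` step is chained with `;` like the surrounding commands, so if the upgrade fails (repository unreachable, package renamed) the RUN continues and the image is built with the unpatched libraries without any error. Since this line is the whole fix, consider making it fatal, for example by joining it to the next command with `&&` or starting the RUN with `set -e`. The upgrade also takes whatever version the repository currently offers, so nothing in the build confirms that the installed libcrypto3, libssl3 and zlib are at or above the fixed releases; a short comment naming which CVE belongs to which package and the minimum fixed version would make the "remove this" condition checkable later. Minor: `apk update` on the line above is redundant once the following commands all pass `--no-cache`.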
