This is an automated email from the ASF dual-hosted git repository.
chia7712 pushed a commit to branch 4.3
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/4.3 by this push:
new 5a48025ab21 KAFKA-20446 KAFKA-20447: Fix CVE-2026-28390 and
CVE-2026-22184 (#22053)
5a48025ab21 is described below
commit 5a48025ab2146ffa270db32ce320ae1f2d472720
Author: PoAn Yang <[email protected]>
AuthorDate: Wed Apr 15 00:40:21 2026 +0900
KAFKA-20446 KAFKA-20447: Fix CVE-2026-28390 and CVE-2026-22184 (#22053)
Fix CVE for libcrypto3, libssl3, and zlib. We can remove these if alpine
updates its default version.
Reviewers: Chia-Ping Tsai <[email protected]>, Ken Huang
<[email protected]>
---
docker/native/Dockerfile | 2 ++
1 file changed, 2 insertions(+)
diff --git a/docker/native/Dockerfile b/docker/native/Dockerfile
index 1a574397cfe..3e863633926 100644
--- a/docker/native/Dockerfile
+++ b/docker/native/Dockerfile
@@ -57,6 +57,8 @@ LABEL org.label-schema.name="kafka" \
org.opencontainers.image.authors="Apache Kafka"
RUN apk update ; \
+ # Fix CVE-2026-28390 and CVE-2026-22184. Remove this if alpine:latest is
updated to a version that has these CVEs fixed.
+ apk upgrade --no-cache libcrypto3 libssl3 zlib; \
apk add --no-cache gcompat ; \
apk add --no-cache bash ; \
mkdir -p /etc/kafka/docker /mnt/shared/config /opt/kafka/config
/etc/kafka/secrets ; \
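Review bot: The added `apk upgrade --no-cache libcrypto3 libssl3 zlib; \` step is chained with `;`, like the `apk update ; \` line before it, so a failed upgrade (unreachable mirror, package not found) does not stop the `RUN` and the image can build without the patched libcrypto3, libssl3 and zlib, with no build error. Joining these steps with `&&`, or starting the chain with `set -e`, would make a failed upgrade fail the build. The comment asks for the line to be removed once alpine:latest carries the fixes, but nothing in the hunk checks which package versions end up installed; asserting the installed versions after the upgrade, or naming KAFKA-20446 and KAFKA-20447 in the comment as the tracking tickets, would make it clear when the workaround is no longer needed.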