Release for new solr-operator with latest ZooKeeper dependency #657
Comments
|
I'm not sure where banzaicloud's zookeeper operator comes from, but the one that Solr relies on is https://github.com/pravega/zookeeper-operator. The latest release of the is 0.2.15 The log4j 1.x CVEs were addressed in Zookeeper 3.7.1, which the 0.2.15 version of the Zookeeper Operator uses. |
HoustonPutman
added
zookeeper
|
Hi. It looks like the project https://github.com/pravega/zookeeper-operator The last release was 0.2.15 , released this Apr 4, 2023. Current status seems to be: Our zookeeper-operator image seems to have 364 outdated packages at the moment. Wondering if we should switch to a more actively maintained zookeeper operator solution. |
|
I’ve given up on them. It’s dead. Turn off zk operator and instead deploy zk independently with a helm chart. I propose #600 |
|
I agree. Let's push for a 1.0 release with this as the big change. |
Hey team,
Latest released solr-operator (https://artifacthub.io/packages/helm/apache-solr/solr-operator) v0.8.0 has a dependency on ZooKeeper operator (https://artifacthub.io/packages/helm/banzaicloud-stable/zookeeper-operator) v0.2.15 which in turn depends on older ZooKeeper version exposing log4j 1.x usage for Solr.
Latest ZooKeeper version v0.3.0 mitigated this issue by upgrading underlying ZooKeeper deps. This issue is created to request release of new solr-operator chart that depends on updated ZooKeeper to remediate log4j exposure for downstream Ranger/Solr users.
The text was updated successfully, but these errors were encountered: