What is the used zlib-version on xtradb cluster (innoDB)?

Hi! I’m using the docker-image of Percona XtraDB Cluster of version 8.0.29-21.1 and stumbled over the following Announcement:

There is CVE-2022-37434 listed. MySQL seems to compile zlib for InnoDB separately maintained inside the repository itself. If i read this right, you have this on xtradb-cluster as well percona-xtradb-cluster/utilities/CMakeLists.txt at 636b3c0aa912ac4764beb12f09c8c190b351baed · percona/percona-xtradb-cluster · GitHub

What i don’t understand is, what zlib library you’re using. If i read this right,you’re using the system library, instad of the bundled one?:

Also, if this is the case, the version says 8.0.29-21.1.el8 on the docker-image for ENV FULL_PERCONA_XTRADBCLUSTER_VERSION=8.0.29-21.1.el8
. Does this mean, you’re using the zlib version of red hat named zlib-1.2.11-20.el8.x86_64?

tl;dr: Does InnoDB on percona-xtradbcluster of version 8.0.29-21.2.el8 in the docker-image percona/percona-xtradb-cluster:8.0.29-21.1 use the bundled zlib library or the system library? And if it is the second case, does it use zlib-1.2.11-20.el8.x86_64? Reason is CVE-2022-37434 and nosyness :slight_smile:

Thanks for accepting my curiosity here :slight_smile:

EDIT: formatting.