Angelo Cesaro
Angelo Cesaro
This PR resolves #CVE-2023-34455, #CVE-2023-34462. kafka: update from 3.1.0 to 3.5.1 due to CVE-2023-34455 zookeeper: update to the latest stable recommended release netty: update due to CVE-2023-34462 jetty: update to...
Kafka 3.5.1 fixes CVE-2023-34455 - Kafka CLIENTS USING SNAPPY COMPRESSION MAY CAUSE OUT OF MEMORY ERROR ON BROKERS https://nvd.nist.gov/vuln/detail/CVE-2023-34455 https://kafka.apache.org/cve-list.html Would it be possible to upgrade the Kafka library to...
Hello, Looking at the latest commits, the jsonpath library is being upgraded to 2.8.0 and that implies the upgrade of the json-smart to 2.4.10 fixing the CVE-2023-1370. ``` +--- io.strimzi:kafka-oauth-common:0.12.0...