kafka-connect-storage-common icon indicating copy to clipboard operation
kafka-connect-storage-common copied to clipboard

Published 20 hours ago verified publisher icon confluentinc

Vulnerable package update

Open pranayk01 opened this issue 3 years ago • 2 comments

Problem

Some vulnerable packages are reported in kafka-connect-storage-common git.

  1. Netty 4.1.71.Final https://nvd.nist.gov/vuln/detail/CVE-2022-24823 Fixed in 4.1.77 version

  2. Jetty 9.4.43.v20210629 https://nvd.nist.gov/vuln/detail/CVE-2022-2048 Fixed in 9.4.48.v20220622

Solution

Bumping up to the versions which have the fix for vulnerabilities.

pranayk01 avatar Sep 21 '22 11:09 pranayk01

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Sep 21 '22 11:09 CLAassistant

Thank you for raising this issue. We are aware of those issues and plan on addressing them in an upcoming release cycle.

janjwerner-confluent avatar Oct 27 '22 01:10 janjwerner-confluent