cruise-control
CVE-2023-25194 - Upgrade Kafka client to 3.4.0 or higher
Kafka Clients of version 3.3.2 and earlier are vulnerable to CVE-2023-25194:
https://security.snyk.io/vuln/SNYK-JAVA-ORGAPACHEKAFKA-3317161
Cruise Control is using Kafka Client 3.1.0:
https://github.com/linkedin/cruise-control/blob/migrate_to_kafka_2_5/gradle.properties#L5C1-L5C19
Would it be possible to upgrade the Kafka Client library to 3.4.0 or higher to remediate this CVE?
While I understand Cruise Control itself may not be directly vulnerable, the presence of this old version of the Kafka Client is triggering CVE vulnerability scanners.
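One way to turn the request above into a reproducible check is to parse the pinned version out of gradle.properties and compare it against the fixed release. The script below is an added example, not code from the cruise-control project or from the issue author; the property key `kafkaVersion` and the sample gradle.properties contents are assumptions, and the affected/fixed boundary (clients below 3.4.0) is taken from the issue text.

```python
"""Flag a pinned Kafka client version that falls in the CVE-2023-25194
affected range (clients 3.3.2 and earlier; fixed in 3.4.0 or higher).

Added example, not part of the cruise-control project. The property key
'kafkaVersion' and the sample gradle.properties text are assumptions.
"""

import re

# First release the issue names as remediating the CVE.
FIXED_VERSION = (3, 4, 0)

# Constructed sample mirroring the 3.1.0 pin described in the issue.
SAMPLE_GRADLE_PROPERTIES = """\
# constructed sample gradle.properties
group=com.linkedin.cruisecontrol
kafkaVersion=3.1.0
"""


def parse_version(text):
    """Turn '3.1.0' (or '3.4.0-rc1') into an int tuple for ordered comparison.

    Missing minor/patch components default to 0; suffixes after the numeric
    part are ignored, which is enough for a major.minor.patch range check.
    """
    match = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part or 0) for part in match.groups())


def pinned_version(properties_text, key="kafkaVersion"):
    """Return the value of `key` from Java-properties style text, or None."""
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, value = line.partition("=")
        if sep and name.strip() == key:
            return value.strip()
    return None


def is_affected(version_text):
    """True when the client version is older than the fixed release."""
    return parse_version(version_text) < FIXED_VERSION


def check(properties_text, key="kafkaVersion"):
    """Summarise the pin: the version found and whether it is in range."""
    version = pinned_version(properties_text, key)
    if version is None:
        return {"version": None, "affected": None}
    return {"version": version, "affected": is_affected(version)}


if __name__ == "__main__":
    print(check(SAMPLE_GRADLE_PROPERTIES))
```

Running it against the constructed sample reports the 3.1.0 pin as affected; pointing `check` at the real gradle.properties (with the project's actual key name) gives the same pass/fail answer a scanner would, without depending on the scanner's own version matching.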