vertx-kafka-client

Upgrade kafka-clients from 3.5.0 to 3.7.0 fixing snappy vulnerabilities

Open julianladisch opened this issue 9 months ago • 0 comments

The kafka-clients upgrade indirectly upgrades snappy-java from 1.1.10.0 to 1.1.10.5, fixing these snappy-java vulnerabilities:

  • https://nvd.nist.gov/vuln/detail/CVE-2023-34453
  • https://nvd.nist.gov/vuln/detail/CVE-2023-34454
  • https://nvd.nist.gov/vuln/detail/CVE-2023-34455
  • https://nvd.nist.gov/vuln/detail/CVE-2023-43642

kafka-clients 3.7.0 requires bumping the test dependency debezium from 2.1.4.Final to 2.6.1.Final.

julianladisch • May 05 '24 15:05