  1. Kafka
  2. KAFKA-12820

Upgrade maven-artifact dependency to resolve CVE-2021-26291

    Details

    • Type: Task
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.1, 2.8.0, 2.7.1
    • Fix Version/s: 2.6.3, 2.7.2, 2.8.1, 3.0.0
    • Component/s: build
    • Labels:
      None

      Description

      Current Gradle builds of Kafka contain a dependency on `maven-artifact` version 3.6.3, which contains CVE-2021-26291 (https://nvd.nist.gov/vuln/detail/CVE-2021-26291). This vulnerability has been fixed in Maven 3.8.1 (https://maven.apache.org/docs/3.8.1/release-notes.html). Apache Kafka should update `dependencies.gradle` to use the latest `maven-artifact` library to eliminate this vulnerability.
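
A check a build owner could run to confirm the upgrade took effect, as an added example that is not part of the ticket or of Kafka's build: it scans text in the shape of `gradle dependencies` output and reports every configuration where `org.apache.maven:maven-artifact` still resolves below 3.8.1. The sample report, the other coordinates in it and the function names are constructed for illustration.

```python
import re

ARTIFACT = "org.apache.maven:maven-artifact"
FIXED = (3, 8, 1)  # release the ticket cites as containing the fix

# Constructed sample shaped like `gradle dependencies` output; not from a real Kafka build.
SAMPLE_REPORT = r"""
compileClasspath - Compile classpath for source set 'main'.
+--- org.apache.maven:maven-artifact:3.6.3
|    +--- org.codehaus.plexus:plexus-utils:3.2.1
|    \--- org.apache.commons:commons-lang3:3.8.1
\--- org.slf4j:slf4j-api:1.7.30

runtimeClasspath - Runtime classpath of source set 'main'.
+--- org.apache.maven:maven-artifact:3.6.3 -> 3.8.1
\--- org.example:plugin-scanner:1.0
     \--- org.apache.maven:maven-artifact:3.8.1 (*)

testRuntimeClasspath - Runtime classpath of source set 'test'.
\--- org.apache.maven:maven-artifact -> 3.8.0
"""

HEADER = re.compile(r"(\w+)( - .*)?$")
# Coordinate, optional requested version, optional "-> resolved" override.
COORD = re.compile(r"(?<![\w.-])" + re.escape(ARTIFACT) + r"(?![\w.-])(?::(\S+))?(?:\s+->\s+(\S+))?")

def parse_version(text):
    """Leading dotted numeric part as a 3-tuple; qualifiers like -SNAPSHOT are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", text)
    if not m:
        return None
    return tuple(([int(p) for p in m.group(0).split(".")] + [0, 0])[:3])

def audit(report):
    """Return sorted (configuration, resolved version) pairs that resolve below FIXED."""
    findings, config = set(), "unknown"
    for line in report.splitlines():
        header = HEADER.match(line)
        if header:
            config = header.group(1)
            continue
        hit = COORD.search(line)
        if not hit:
            continue
        resolved = hit.group(2) or hit.group(1)  # Gradle uses the version after "->"
        version = parse_version(resolved) if resolved else None
        if version is None or version < FIXED:  # unparseable versions are flagged too
            findings.add((config, resolved or "unknown"))
    return sorted(findings)

if __name__ == "__main__":
    for config, version in audit(SAMPLE_REPORT):
        print(f"{config}: maven-artifact {version} is older than 3.8.1")
```

The check looks at the resolved version after `->` instead of the requested one, so a transitive request for 3.6.3 that Gradle upgrades to 3.8.1 is not reported, while a configuration that still resolves an older release is.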

              People

              • Assignee:
                dongjin Dongjin Lee
                Reporter:
                boojapho Boojapho