[KAFKA-12820] Upgrade maven-artifact dependency to resolve CVE-2021-26291 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.6.1, 2.8.0, 2.7.1
Fix Version/s: 2.6.3, 2.7.2, 2.8.1, 3.0.0
Component/s: build
Labels:
None

Description

Current Gradle builds of Kafka contain a dependency of `maven-artifact` version 3.6.3, which contains CVE-2021-26291 (https://nvd.nist.gov/vuln/detail/CVE-2021-26291). This vulnerability has been fixed in Maven 3.8.1 (https://maven.apache.org/docs/3.8.1/release-notes.html). Apache Kafka should update `dependencies.gradle` to use the latest `maven-artifact` library to eliminate this vulnerability.

Attachments

Issue Links

links to

GitHub Pull Request #10739

Activity

People

Assignee:: Dongjin Lee

Reporter:: Boojapho

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 20/May/21 14:15

Updated:: 09/Aug/21 08:49

Resolved:: 21/May/21 07:12