Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-13579

Upgrade vulnerable dependencies

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.8.1
    • 3.0.1, 3.2.0, 3.1.1
    • None

    Description

      Packages Package Version CVSS Fix Status
      io.netty_netty-codecĀ  (CVE-2021-43797) 4.1.62.Final 6.5 fixed in 4.1.71
      org.eclipse.jetty_jetty-server 9.4.43.v20210629 5.5 fixed in 9.4.44
      org.eclipse.jetty_jetty-servlet 9.4.43.v20210629 5.5 fixed in 9.4.44

      Our security scan detected the above vulnerabilities

      upgrade to correct versions for fixing vulnerabilities

      Attachments

        Issue Links

          duplicates

          Task - A task that needs to be done. KAFKA-13580 Bump dependency versions to latest patch to inherit bug and security fixes

          • Major - Major loss of function.
          • Patch Available
          is cloned by

          Bug - A problem which impairs or prevents the functions of the product. KAFKA-13658 Upgrade vulnerable dependencies jan 2022

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #11656

          Activity

            People

              showuon Luke Chen
              shivakumar Shivakumar
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: