Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-14044

Upgrade Netty and Jackson for CVE fixes

Agile BoardAttach filesAttach ScreenshotVotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 3.2.0
    • 3.3.0
    • core

    Description

      There are a couple of CVEs for netty and Jackson:

      Netty: CVE-2022-24823 - Fixed by upgrading to 4.1.77+

      Jackson: CVE-2020-36518 - Fixed by upgrading to 2.13.0+

      Attachments

        Issue Links

        is cloned by

        Bug - A problem which impairs or prevents the functions of the product. KAFKA-14320 Upgrade Jackson for CVE fix

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Resolved
        is duplicated by

        Bug - A problem which impairs or prevents the functions of the product. KAFKA-13969 CVE-2022-24823 in netty 4.1.76.Final

        • Minor - Minor loss of function, or other problem where easy workaround is present.
        • Resolved
        links to

        Web Link GitHub Pull Request #12376

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            tomncooper Thomas Cooper
            tomncooper Thomas Cooper
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment