[KAFKA-14261] Dependency Vulnerability Scan Results (Mend/WhiteSource) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 3.2.3
Fix Version/s: None
Component/s: security
Labels:
None

Description

The Kafka repository was scanned with Mend's (formerly WhiteSource) SCA (software composition analysis) tool for 3rd party dependency vulnerabilities. We scanned Kafka version 3.2.3 on 9/20.

The scan result detected the following instances of vulnerability severities:

12 highs
12 mediums
1 low

We would like to submit the Mend findings (attached to this ticket) as a bug with the request to update to non-vulnerable library versions. In the attached spreadsheet, column W "Top Fix" has notes on non-vulnerable versions to upgrade to.

Is there an SLA or typical amount of time to remediate vulnerabilities in the Kafka repo?

Thank you.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

GH_kafka-vulnerability-report.xlsx
26/Sep/22 22:04
14 kB
VeeVee Wang

Activity

People

Assignee:: Unassigned

Reporter:: VeeVee Wang

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 26/Sep/22 22:24

Updated:: 26/Sep/22 22:24