[KAFKA-14988] Upgrade scalaCollectionCompact to v2.9 for CVE-2022-36944 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.5.0, 3.4.1, 3.6.0
Component/s: None
Labels:
None

Description

Current version of ScalaCollectionCompact library in trunk 2.6.0 suffers from a critical CVE-2022-36944

The CVE does not impact Kafka as per https://issues.apache.org/jira/browse/KAFKA-14267 (hence, not marking this as critical) and is fixed in ScalaCollectionCompact v2.9 as per https://github.com/scala/scala-collection-compat/pull/569

Attachments

Activity

People

Assignee:: Divij Vaidya

Reporter:: Divij Vaidya

Reviewer:: Luke Chen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 11/May/23 08:41

Updated:: 15/May/23 12:28

Resolved:: 15/May/23 12:28