[KAFKA-8308] Update jetty for security vulnerability CVE-2019-10241 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.2.0
Fix Version/s: 2.3.0
Component/s: core
Labels:
- security

Description

Kafka 2.2 uses jetty-*-9.4.14.v20181114 which is marked vulnerable

https://github.com/apache/kafka/blob/2.2/gradle/dependencies.gradle#L58

https://nvd.nist.gov/vuln/detail/CVE-2019-10241

Attachments

Issue Links

relates to

KAFKA-8316 Remove deprecated usage of Slf4jRequestLog, SslContextFactory

Resolved

Activity

People

Assignee:: Ismael Juma

Reporter:: Di Shang

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 01/May/19 04:20

Updated:: 03/May/19 17:38

Resolved:: 03/May/19 17:38