confluentinc / common

Common utilities library containing metrics, config and utils
Apache License 2.0

Affected by CVE-2023-4586 due to dependency with netty #549

Closed jdvr closed 9 months ago

jdvr commented 11 months ago

Trivy has flagged kafka-connect-jdbc:10.7.3 as affected by CVE-2023-4586 due to a Netty dependency. The issue is described here https://github.com/netty/netty/issues/8537 and won't be fixed until Netty 5.x.

Just creating this issue for tracking and to have something to watch regarding our Confluent dependencies.

janjwerner-confluent commented 9 months ago

We are observing this issue and will address it when the resolution is available.