Trivy has flagged kafka-connect-jdbc:10.7.3 as affected by CVE-2023-4586 due to Netty dependecy, the issues is described here https://github.com/netty/netty/issues/8537 and won't be fixed until Netty 5.x.
Just creating this issue for tracking and have something to watch regarding our confluent dependencies.
Trivy has flagged
kafka-connect-jdbc:10.7.3
as affected by CVE-2023-4586 due to Netty dependecy, the issues is described here https://github.com/netty/netty/issues/8537 and won't be fixed until Netty 5.x.Just creating this issue for tracking and have something to watch regarding our confluent dependencies.