confluentinc / kafka-connect-storage-common

Shared software among connectors that target distributed filesystems and cloud storage.

Vulnerable package update #271

Open pranayk01 opened 2 years ago

pranayk01 commented 2 years ago

Problem

Some vulnerable packages are reported in kafka-connect-storage-common git.

  1. Netty 4.1.71.Final: https://nvd.nist.gov/vuln/detail/CVE-2022-24823. Fixed in version 4.1.77.

  2. Jetty 9.4.43.v20210629: https://nvd.nist.gov/vuln/detail/CVE-2022-2048. Fixed in 9.4.48.v20220622.

Solution

Bumping up to the versions which have the fix for vulnerabilities.

CLAassistant commented 2 years ago

CLA assistant check
All committers have signed the CLA.

janjwerner-confluent commented 1 year ago

Thank you for raising this issue. We are aware of those issues and plan on addressing them in an upcoming release cycle.