confluentinc / kafka-images

Confluent Docker images for Apache Kafka
Apache License 2.0

Vulnerability issues in Confluent images in version 7.3.1 #200

Open vinodmur opened 1 year ago

vinodmur commented 1 year ago

Hi Team,

We are using the following Confluent images, which have vulnerability issues when scanned through twistcli & Snyk. This restricts us from using the images in a production environment.

confluentinc/cp-kafka-rest:7.3.1
confluentinc/cp-enterprise-control-center:7.3.1
confluentinc/cp-zookeeper:7.3.1
confluentinc/cp-server:7.3.1
confluentinc/cp-schema-registry:7.3.1
confluentinc/cp-kafka-connect-base:7.3.1

Can you suggest an upgraded version to fix the vulnerability issues?

janjwerner-confluent commented 1 year ago

Hello @vinodmur, thank you for raising this issue. Can you provide more details about the vulnerabilities that restrict you from using the images in production? Confluent Platform updates (including image upgrades) are made available on a quarterly cadence.

vinodmur commented 1 year ago

Hi @janjwerner-confluent.

Thanks much for your immediate response. Please find attached the vulnerability scans for all the images:

twistlock_scans_2_7_23_12_31_31.csv
twistlock_scans_2_7_23_12_32_33.csv
twistlock_scans_2_7_23_12_36_11.csv
twistlock_scans_2_7_23_12_36_32.csv
twistlock_scans_2_7_23_12_36_49.csv
twistlock_scans_2_7_23_12_37_06.csv
twistlock_scans_2_7_23_12_37_24.csv

janjwerner-confluent commented 1 year ago

Vinodmur, we are aware of the vulnerabilities listed in the scans provided and we expect to address them in the upcoming release. Confluent Platform updates (including image upgrades) are made available on a quarterly cadence.
Please reach out to Confluent Support (https://www.confluent.io/confluent-cloud/support/) for any additional information.