confluentinc / kafka-images

Confluent Docker images for Apache Kafka
Apache License 2.0

Security Vulnerabilities CVE-2023-3894 and IN1-JAVA-ORGHIBERNATEVALIDATOR-6247635 in cp-kafka-connect-base #279

Open aonamrata opened 5 months ago

aonamrata commented 5 months ago

Hello,

We just updated our Kafka connector base image to confluentinc/cp-kafka-connect-base:7.6.1, and that resolved some security vulnerabilities, but a few high ones are still open.

| Name | Package | Installed version | Fixed version |
| --- | --- | --- | --- |
| CVE-2023-3894 | com.fasterxml.jackson.dataformat:jackson-dataformat-properties | 0:2.14.2 | 2.15.0 |
| IN1-JAVA-ORGHIBERNATEVALIDATOR-6247635 | org.hibernate.validator:hibernate-validator | 6.2.0 | |

Is there a version that has this resolved? Do you think these can be updated?

mohamedq-mo commented 3 months ago

We have come across the same vulnerability in our scans, also on the current latest version, 7.6.1.

Are there any plans to address this?
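A practical check before opening or re-opening a report like this is to confirm, from the jars actually shipped in the image, which versions are installed and whether they meet the scanner's "fixed version". The script below is an added example, not code from this issue or from the kafka-images project. The artifact names and the 2.15.0 fixed version come from the scanner table above; the directory tree and jar filenames it scans are constructed inline so it runs offline, and the assumption that versions can be read from `<artifact>-<version>.jar` filenames is the example's own (it does not parse `pom.properties` inside the jars).

```shell
#!/bin/sh
# Added example (not from the kafka-images repo): report whether jars found
# under a directory meet a scanner's fixed version. Jar tree is constructed.
set -eu

# Constructed sample tree imitating the jar layout inside the image.
make_sample_tree() {
  dir=$(mktemp -d)
  mkdir -p "$dir/confluent-common" "$dir/kafka"
  : > "$dir/confluent-common/jackson-dataformat-properties-2.14.2.jar"
  : > "$dir/kafka/hibernate-validator-6.2.0.Final.jar"
  : > "$dir/kafka/jackson-databind-2.14.2.jar"
  echo "$dir"
}

# installed_version DIR ARTIFACT
# Prints the version embedded in the first matching ARTIFACT-<version>.jar
# filename under DIR, or nothing if no such jar exists.
installed_version() {
  find "$1" -name "$2-[0-9]*.jar" 2>/dev/null | head -n 1 |
    sed -n "s|.*/$2-\(.*\)\.jar$|\1|p"
}

# version_ge A B -> succeeds if A >= B under natural version ordering.
# Relies on sort -V (GNU coreutils / busybox); "6.2.0.Final" style
# qualifiers sort after the bare numeric prefix, which is what we want.
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check DIR ARTIFACT FIXED
# Prints one report line; returns 1 only when the installed version is
# below FIXED (an absent jar is reported but not treated as a failure).
check() {
  inst=$(installed_version "$1" "$2")
  if [ -z "$inst" ]; then
    echo "$2: not found"
    return 0
  fi
  if version_ge "$inst" "$3"; then
    echo "$2: $inst >= $3 OK"
    return 0
  fi
  echo "$2: $inst < $3 BELOW FIXED VERSION"
  return 1
}

# Stand-alone demo over the constructed tree; returns the number of
# artifacts that are below their fixed version.
demo() {
  d=$(make_sample_tree)
  failures=0
  check "$d" jackson-dataformat-properties 2.15.0 || failures=$((failures + 1))
  # The scanner table gives no fixed version for hibernate-validator,
  # so only report what is installed rather than inventing a threshold.
  echo "hibernate-validator: installed $(installed_version "$d" hibernate-validator) (no fixed version listed)"
  rm -rf "$d"
  return "$failures"
}

demo || echo "one or more artifacts are below the scanner's fixed version"
```

To run it against the real image rather than the constructed tree, export the image filesystem (for example `docker create` followed by `docker cp`, or `docker run --rm --entrypoint sh confluentinc/cp-kafka-connect-base:7.6.1 -c 'find / -name "*.jar"'` to list jar paths first) and point `check` at that directory; jars bundled inside uber-jars or renamed without a version suffix will not be picked up by the filename match.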