Open kandukurihemanth opened 2 weeks ago
😢 yea, we just updated all our connectors last month to resolve most of the vulnerabilities and now we got new ones
CVE-2023-51775 - org.bitbucket.b_c:jose4j, org.bitbucket.b_c:jose4j
CVE-2024-29025 - io.netty:netty-codec-http, io.netty:netty-codec-http and 2 more
CVE-2023-3894 - com.fasterxml.jackson.dataformat:jackson-dataformat-properties, com.fasterxml.jackson.dataformat:jackson-dataformat-properties
CVE-2024-21634 - software.amazon.ion:ion-java, software.amazon.ion:ion-java and 1 more
https://support.confluent.io/hc/en-us/articles/13082992005396-Confluent-Security-Advisory-CONFSA-Publication-Policy says High (CVSS 7.0 - 8.9) - Fix available in 30 days
so 🤞
Hello Team,
I wanted to inform you that we've recently updated our Kafka connector base image to confluentinc/cp-kafka-connect-base:7.2.10, which successfully addressed several security vulnerabilities. However, we've identified that a few critical vulnerabilities still remain unresolved in this version. Additionally, upon reviewing the latest version, 7.6.1, it appears that there are even more vulnerabilities present.
Could you please advise if there is a newer version available that resolves these remaining vulnerabilities?