zlib library security vulnerability through to version 1.3

[MiikaL]

Description

We use the Confluent.Kafka nuget which makes use of librdkafka, and we are receiving a security warning about the version of zlib in use:

One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '8.0': zlib1.dll: CVE-2023-45853(9.8), CVE-2002-0059(9.8), CVE-2022-37434(9.8)

https://nvd.nist.gov/vuln/detail/CVE-2023-45853

Checklist

IMPORTANT: We will close issues where the checklist has not been completed.

Please provide the following information:

• [x] librdkafka version (release number or git tag): 2.3.1
• [x] Apache Kafka version: N/A
• [x] librdkafka client configuration: N/A
• [x] Operating system: windows
• [x] Provide logs (with debug=.. as necessary) from librdkafka
• [x] Provide broker log excerpts
• [x] Critical issue

[janjwerner-confluent]

Thank you for the report. We are in the process of resolving this issue.

[janjwerner-confluent]

Resolved in https://github.com/confluentinc/librdkafka/pull/4706