Open nikoncode opened 2 years ago
Also, I am wondering can I upgrade just kafka-protobuf-serializer
to the latest version without upgrading schema-registry backend?
There is any changes in schema registry API?
Mikita, Thank you for raising this issue. The latest release 6.2.6 ships with an updated protobuf-java-3.19.4.jar resolving the issue. https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-2331703.
Hi.
We are using
io.confluent:kafka-protobuf-serializer:6.2.1
(parially valid for higher versions) and it contains the following vulnerabilities:com.google.protobuf:protobuf-java@3.19.2, @3.18.2, @3.16.1
io.grpc:grpc-core@1.31.0
I can try to update this transitives in my project but I can't be sure that it will work. Since I don't know anything about 7 vs 6 compatibility, can you provide backport for 6.2.x for this?