Known security issue (CVE-2021-38153) with dependency: kafka-clients:2.8.0

[SHxKM]

I couldn't find the repository for com.izettle:metrics-influxdb:1.3.4, but there's a known CVE (CVE-2021-38153) for version 2.8.0 of its dependency kafka-clients, detailed here:

Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher where this vulnerability has been fixed. The affected versions include Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.6.0, 2.6.1, 2.6.2, 2.7.0, 2.7.1, and 2.8.0.

Are there any plans to upgrade to the fixing version 2.8.1?

[pp-tim]

Oh we are already at 2.8.1 closing this.