opentracing-contrib / java-kafka-client

OpenTracing Instrumentation for Apache Kafka Client
Apache License 2.0

jackson-databind vulnerabilities using kafka_2.12 version 2.3.0 #63

Closed jondey closed 5 years ago

jondey commented 5 years ago

Hi

Version 2.3.0 of org.apache.kafka:kafka_2.12 has jackson-databind vulnerabilities. https://snyk.io/vuln/SNYK-JAVA-COMFASTERXMLJACKSONCORE-455617

Jackson libraries have been upgraded in 2.3.1.

Can the kafka.version property in the parent pom be updated to 2.3.1?

<kafka.version>2.3.1</kafka.version>

malafeev commented 5 years ago

fixed via #64