Closed W0lfier closed 1 year ago
Ping @jeqo
On Thu, 16 Mar 2023, 21:26 W0lfier, @.***> wrote:
What happened?
There are 1 security vulnerabilities found in org.apache.kafka:kafka-clients 3.2.1
- CVE-2023-25194 https://www.oscs1024.com/hd/CVE-2023-25194
What did I do?
Upgrade org.apache.kafka:kafka-clients from 3.2.1 to 3.4.0 for vulnerability fix What did you expect to happen?
Ideally, no insecure libs should be used. The specification of the pull request
PR Specification https://www.oscs1024.com/docs/pr-specification/ from OSCS
You can view, comment on, or merge this pull request online at:
https://github.com/openzipkin/brave/pull/1366 Commit Summary
- 08aa28e https://github.com/openzipkin/brave/pull/1366/commits/08aa28e064278b030348115de3463600d9c6e712 update org.apache.kafka:kafka-clients 3.2.1 to 3.4.0
File Changes
(1 file https://github.com/openzipkin/brave/pull/1366/files)
- M pom.xml https://github.com/openzipkin/brave/pull/1366/files#diff-9c5fb3d1b7e3b0f54bc5c4182965c4fe1f9023d449017cece3005d3f90e8e4d8 (2)
Patch Links:
- https://github.com/openzipkin/brave/pull/1366.patch
- https://github.com/openzipkin/brave/pull/1366.diff
— Reply to this email directly, view it on GitHub https://github.com/openzipkin/brave/pull/1366, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAXOYAXO7Y6NJLO3DCVOHB3W4NZRFANCNFSM6AAAAAAV5WMLNQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>
I updated the PR title and release notes since the merged change was an update to 3.2.3 rather than 3.4.0.
What happened?
There are 1 security vulnerabilities found in org.apache.kafka:kafka-clients 3.2.1
What did I do?
Upgrade org.apache.kafka:kafka-clients from 3.2.1 to 3.4.0 for vulnerability fix
What did you expect to happen?
Ideally, no insecure libs should be used.
The specification of the pull request
PR Specification from OSCS