This is an automated email from the ASF dual-hosted git repository.
manikumar pushed a commit to branch 2.8
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/2.8 by this push:
new ca923b0 KAFKA-12752: Bump Jersey deps to 2.34 due to CVE-2021-28168
(#10636)
ca923b0 is described below
commit ca923b0d9f728dd65e437e4607f86c00c00a81f8
Author: Shay Elkin <[email protected]>
AuthorDate: Thu May 6 07:44:03 2021 -0700
KAFKA-12752: Bump Jersey deps to 2.34 due to CVE-2021-28168 (#10636)
The version of the Eclipse Jersey library brought as dependencies,
2.31, has a known vulnerability, CVE-2021-28168
(https://github.com/advisories/GHSA-c43q-5hpj-4crv).
This replaces it with 2.34, which is fully compatible with
2.31, except for bugs and vulnerabilities.
Reviewers: Manikumar Reddy <[email protected]>
---
gradle/dependencies.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 4128040..9a75442 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -71,7 +71,7 @@ versions += [
jacoco: "0.8.5",
javassist: "3.27.0-GA",
jetty: "9.4.39.v20210325",
- jersey: "2.31",
+ jersey: "2.34",
jline: "3.12.1",
jmh: "1.27",
hamcrest: "2.2",
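Review bot: the `jersey: "2.34"` entry carries no comment tying the version to CVE-2021-28168, so nothing in this file signals to a later editor, or to someone resolving a backport conflict, that the value must not drop back to 2.31. A one-line comment above the entry naming the advisory as the reason for the minimum version would make that explicit. The diffstat shows gradle/dependencies.gradle as the only file changed; if any license, notice or documentation file in the repository lists the bundled Jersey version, it should be updated in the same commit. The commit message's statement that 2.34 is fully compatible with 2.31 is not backed by anything visible in the diff, so the PR should record which test suites were run against the new version.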