This is an automated email from the ASF dual-hosted git repository.
manikumar pushed a commit to branch 2.7
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/2.7 by this push:
new ecdfb77 KAFKA-12752: Bump Jersey deps to 2.34 due to CVE-2021-28168
(#10636)
ecdfb77 is described below
commit ecdfb77263835be52d02e59e6e33c37ea8f902df
Author: Shay Elkin <[email protected]>
AuthorDate: Thu May 6 07:44:03 2021 -0700
KAFKA-12752: Bump Jersey deps to 2.34 due to CVE-2021-28168 (#10636)
The version of the Eclipse Jersey library brought as dependencies,
2.31, has a known vulnerability, CVE-2021-28168
(https://github.com/advisories/GHSA-c43q-5hpj-4crv).
This replaces it with 2.34, which is fully compatible with
2.31, except for bugs and vulnerabilities.
Reviewers: Manikumar Reddy <[email protected]>
---
gradle/dependencies.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index d5c435a..ecdbdaf 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -70,7 +70,7 @@ versions += [
jacksonDatabind: "2.10.5.1",
jacoco: "0.8.5",
jetty: "9.4.39.v20210325",
- jersey: "2.31",
+ jersey: "2.34",
jmh: "1.23",
hamcrest: "2.2",
log4j: "1.2.17",
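Review bot: The fix at the `jersey: "2.34"` line only takes effect if every Jersey artifact in the build resolves its version through this single `versions` entry, and the hunk does not show the consumers. Before merging to 2.7, check the resolved runtime classpath (for example with Gradle's dependencyInsight task on the modules that ship Jersey) and confirm that no 2.31 artifact is still pulled in transitively or pinned elsewhere. The diffstat shows only gradle/dependencies.gradle changed, so if any license or notice file in the branch records the Jersey version, it needs the same bump. The commit message states that 2.34 is fully compatible with 2.31 without naming the tests that back this up; naming the test suites that were run against the new version would make the backport easier to audit.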