This is an automated email from the ASF dual-hosted git repository.
manikumar pushed a commit to branch 2.7
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/2.7 by this push:
new f8ffc03 KAFKA-12820: Upgrade maven-artifact dependency to resolve
CVE-2021-26291
f8ffc03 is described below
commit f8ffc037c57afb7aed7f1f09ab82e9c159dc0ab5
Author: Lee Dongjin <[email protected]>
AuthorDate: Fri May 21 16:07:07 2021 +0900
KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291
CVE-2021-26291, which makes Man-In-The-Middle-Attack possible, was fixed in
maven 3.8.1.
Reviewers: Luke Chen <[email protected]>, Manikumar Reddy
<[email protected]>
---
gradle/dependencies.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index ecdbdaf..a58f3e6 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -94,7 +94,7 @@ versions += [
kafka_25: "2.5.1",
kafka_26: "2.6.2",
lz4: "1.7.1",
- mavenArtifact: "3.6.3",
+ mavenArtifact: "3.8.1",
metrics: "2.2.0",
mockito: "3.5.7",
netty: "4.1.59.Final",
