gergelyfabian opened a new issue, #23745:
URL: https://github.com/apache/pulsar/issues/23745

   ### Search before asking
   
   - [X] I searched in the [issues](https://github.com/apache/pulsar/issues) 
and found nothing similar.
   
   
   ### Read release policy
   
   - [X] I understand that unsupported versions don't get bug fixes. I will 
attempt to reproduce the issue on a supported version of Pulsar client and 
Pulsar broker.
   
   
   ### Version
   
   pulsar-client:3.3.2
   
   ### Minimal reproduce step
   
   pulsar-client has a dependence on async-http-client in a version (2.12.1) 
that has a critical CVE:
   
   https://github.com/advisories/GHSA-mfj5-cf8g-g2fv
   
   ### What did you expect to see?
   
   I'd like to be able to use pulsar-client without any critical/high CVEs 
included.
   
   ### What did you see instead?
   
   A critical CVE is detected when I use pulsar-client.
   
   ### Anything else?
   
   _No response_
   
   ### Are you willing to submit a PR?
   
   - [X] I'm willing to submit a PR!


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@pulsar.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

Reply via email to