[jira] [Created] (KAFKA-14988) Upgrade scalaCollectionCompact to v2.9 for CVE-2022-36944

Divij Vaidya (Jira) Thu, 11 May 2023 01:42:47 -0700

Divij Vaidya created KAFKA-14988:
------------------------------------

             Summary: Upgrade scalaCollectionCompact to v2.9 for CVE-2022-36944
                 Key: KAFKA-14988
                 URL: https://issues.apache.org/jira/browse/KAFKA-14988
             Project: Kafka
          Issue Type: Improvement
            Reporter: Divij Vaidya



Current version of ScalaCollectionCompact library in trunk 2.6.0 suffers from a 
critical [CVE-2022-36944|https://github.com/advisories/GHSA-8qv5-68g4-248j]

 

The CVE does not impact Kafka as per 
https://issues.apache.org/jira/browse/KAFKA-14267  and is fixed in 
ScalaCollectionCompact v2.9 as per 
[https://github.com/scala/scala-collection-compat/pull/569] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (KAFKA-14988) Upgrade scalaCollectionCompact to v2.9 for CVE-2022-36944

Reply via email to