priyatama created KAFKA-15128:
---------------------------------
Summary: snappy-java-1.1.8.4.jar library vulnerability
Key: KAFKA-15128
URL: https://issues.apache.org/jira/browse/KAFKA-15128
Project: Kafka
Issue Type: Bug
Components: clients
Affects Versions: 3.4.0
Reporter: priyatama
Attachments: Screenshot 2023-06-27 at 12.30.51 PM.png
Hi Team,
We found a new vulnerability introduced in the snappy-java-1.1.8.4 library, so we
need to get rid of it.
During analysis, we found snappy-java coming in via kafka-clients,
as our application is not directly using the snappy-java jar.
Can anyone please explain what the use of snappy-java in kafka-client is, or can we
exclude it?
The latest kafka-client also has the vulnerable snappy-jar. By when will kafka-client
release its next version, which has a non-vulnerable snappy-java jar in it?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)