Hi,

kafka-clients:4.1.1 has updated the commons-beanutils dependency to 1.11.0 (see https://github.com/apache/kafka/commit/ddc30477a99c06d1c91f53bbf1230d32fadb98d5), and this change should already resolve the related CVE.

Best,
Chia-Ping

V, Brundha via dev <[email protected]> wrote on Thursday, December 4, 2025 at 5:10 PM:

> Hi,
>
> Latest version of kafka-clients:4.1.1 has CVE related to
> ‘commons-beanutils’. I see that parent package ‘commons-validator’ is
> already upgraded in code but I don’t see any releases having this upgraded
> version on maven repository. Kindly make the version available as soon as
> possible on maven as this CVE is under HIGH category.
>
> Thanks.
>
> Brundha S V
