[like] V, Brundha reacted to your message: ________________________________ From: Chia-Ping Tsai <[email protected]> Sent: Friday, December 5, 2025 2:15:15 AM To: [email protected] <[email protected]> Subject: Re: Latest version of kafka-clients has CVE on maven repo
I file https://urldefense.com/v3/__https://issues.apache.org/jira/browse/KAFKA-19966__;!!NpxR!iAyQiUd4e6LZCQz-zzfr4_qkfUqP3D0EmwlIc19xNIFMPMBU0ZRGH9mfwarFVvMfvBMHiuEAteyevkMlIaBCL8mL$ for the updates On 2025/12/04 06:28:52 "V, Brundha via dev" wrote: > > Hi, > Latest version of kafka-clients:4.1.1 has CVE related to 'commons-beanutils'. > I see that parent package 'commons-validator' is already upgraded in code but > I don't see any releases having this upgraded version on maven repository. > Kindly make the version available as soon as possible on maven as this CVE is > under HIGH category. > > Thanks. > Brundha S V > >
