[
https://issues.apache.org/jira/browse/BEAM-14256?focusedWorklogId=752989&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-752989
]
ASF GitHub Bot logged work on BEAM-14256:
-----------------------------------------
Author: ASF GitHub Bot
Created on: 05/Apr/22 16:42
Start Date: 05/Apr/22 16:42
Worklog Time Spent: 10m
Work Description: chamikaramj commented on PR #17282:
URL: https://github.com/apache/beam/pull/17282#issuecomment-1089015837
I'll go ahead and merge given that this is fixing a vulnerability but we
have to make sure that this does not result in a regression for the Kafka
connector.
Issue Time Tracking
-------------------
Worklog Id: (was: 752989)
Time Spent: 1h 10m (was: 1h)
> Upgrade spring expression dependency
> ------------------------------------
>
> Key: BEAM-14256
> URL: https://issues.apache.org/jira/browse/BEAM-14256
> Project: Beam
> Issue Type: Task
> Components: io-java-kafka
> Reporter: John Casey
> Assignee: John Casey
> Priority: P2
> Fix For: 2.39.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Kafka IO depends on SpEL, and the current dependency has a vulnerability. Our
> usage of the library doesn't expose the vulnerability, but users have asked
> us to upgrade to be sure
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
