tomncooper opened a new pull request, #138: URL: https://github.com/apache/flink-connector-kafka/pull/138
Currently, the Flink Kafka Connector uses Kafka client version 3.4.0. This has a medium severity vulnerability ([CVE-2024-31141](https://nvd.nist.gov/vuln/detail/CVE-2024-31141)) and needs to be upgraded to >= 3.8.0 to address it. 3.9.0 is the most recently released version and between that and 3.4.0 there have been numerous bug and performance fixes. This PR: - Updates the Kafka client version - Updates the other dependencies, that are shared with Kafka, to be in line with the version used in Kafka 3.9.0 (if the update of the other deps should be done in a separate PR, let me know). - Updates the Confluent Kafka and Zookeeper images to be in-line with the 3.9.0 Kafka versions. I am not familiar with ArchUnit, but it appears the violation file changes have been checked into previous commits so I have included them here aswell. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
