divijvaidya opened a new pull request, #14438: URL: https://github.com/apache/kafka/pull/14438
Current version of Jetty (9.4.51) has some known vulnerabilities such as https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167 . The vulnerability is fixed in 9.4.52. We cannot move to Jetty 10.x and Jetty 11.x because they required minimum of JDK-11, whereas Kafka currently supports JDK-8. Release notes for Jetty 9.4.52 - https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.52.v20230823 This release (9.4.52) contains mostly security and CVE fixes. No breaking changes reported. I will backport this to 3.3, 3.4, 3.5 and 3.6 branches. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
