yawkat commented on PR #21035: URL: https://github.com/apache/kafka/pull/21035#issuecomment-3615845693
Yes, I understand that, and I find it prudent that you pay attention to this. This vulnerability and fix is definitely suspicious due to the project governance changes, compared to e.g. the xz backdoor. However https://sites.google.com/sonatype.com/vulnerabilities/cve-2025-12183 is a real Sonatype site, and you can see the CVE metadata is published by Sonatype in the CVE feed. I'm just providing evidence that I am honest :)
