[
https://issues.apache.org/jira/browse/KAFKA-8952?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940475#comment-16940475
]
ASF GitHub Bot commented on KAFKA-8952:
---------------------------------------
ijuma commented on pull request #7411: KAFKA-8952: Update Jackson to 2.10.0
URL: https://github.com/apache/kafka/pull/7411
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Vulnerabilities found for jackson-databind-2.9.9.jar and guava-20.0.jar in
> latest Apache-kafka latest version 2.3.0
> -------------------------------------------------------------------------------------------------------------------
>
> Key: KAFKA-8952
> URL: https://issues.apache.org/jira/browse/KAFKA-8952
> Project: Kafka
> Issue Type: New Feature
> Affects Versions: 2.3.0
> Reporter: Namrata Kokate
> Assignee: Ismael Juma
> Priority: Blocker
> Fix For: 2.3.1
>
>
> I am currently using apache kafka latest version-2.3.0, however When I
> deployed the binary on the containers, I can see the vulnerability reported
> for the two jars - jackson-databind-2.9.9.jar and guava-20.0.jar
>
> I can see these vulnerabilities have been removed in the
> jackson-databind-2.9.10.jar and guava-24.1.1-jre.jar jars but the
> apache-kafka version 2.3.0 does not include these new jars.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
