This is an automated email from the ASF dual-hosted git repository.

wusheng pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/skywalking.git


The following commit(s) were added to refs/heads/master by this push:
     new 8699ffdf28 Bump up kafka client to fix CVE (#12088)
8699ffdf28 is described below

commit 8699ffdf28a73a9ce24515d44d6ddd8cb7a5d99c
Author: kezhenxu94 <[email protected]>
AuthorDate: Wed Apr 10 22:03:52 2024 +0800

    Bump up kafka client to fix CVE (#12088)
---
 dist-material/release-docs/LICENSE | 8 ++++----
 docs/en/changes/changes.md         | 1 +
 oap-server-bom/pom.xml             | 2 +-
 3 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/dist-material/release-docs/LICENSE 
b/dist-material/release-docs/LICENSE
index 175b643365..4166bc2ece 100644
--- a/dist-material/release-docs/LICENSE
+++ b/dist-material/release-docs/LICENSE
@@ -348,7 +348,7 @@ The text of each license is the standard Apache 2.0 license.
     
https://mvnrepository.com/artifact/org.apache.httpcomponents/httpclient/4.5.3 
Apache-2.0
     
https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore/4.4.13 
Apache-2.0
     
https://mvnrepository.com/artifact/org.apache.httpcomponents/httpcore-nio/4.4.13
 Apache-2.0
-    https://mvnrepository.com/artifact/org.apache.kafka/kafka-clients/2.8.1 
Apache-2.0
+    https://mvnrepository.com/artifact/org.apache.kafka/kafka-clients/3.4.0 
Apache-2.0
     
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-api/2.17.1 
Apache-2.0
     
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-core/2.17.1 
Apache-2.0
     
https://mvnrepository.com/artifact/org.apache.logging.log4j/log4j-slf4j-impl/2.17.1
 Apache-2.0
@@ -366,12 +366,12 @@ The text of each license is the standard Apache 2.0 
license.
     
https://mvnrepository.com/artifact/org.jetbrains.kotlinx/kotlinx-coroutines-jdk8/1.6.4
 Apache-2.0
     
https://mvnrepository.com/artifact/org.jetbrains.kotlinx/kotlinx-coroutines-reactive/1.6.4
 Apache-2.0
     https://mvnrepository.com/artifact/org.jetbrains/annotations/13.0 
Apache-2.0
-    https://mvnrepository.com/artifact/org.lz4/lz4-java/1.7.1 Apache-2.0
+    https://mvnrepository.com/artifact/org.lz4/lz4-java/1.8.0 Apache-2.0
     https://mvnrepository.com/artifact/org.slf4j/jcl-over-slf4j/1.7.30 
Apache-2.0
     https://mvnrepository.com/artifact/org.slf4j/log4j-over-slf4j/1.7.30 
Apache-2.0
     https://mvnrepository.com/artifact/org.slf4j/slf4j-api/1.7.30 Apache-2.0
     https://mvnrepository.com/artifact/org.snakeyaml/snakeyaml-engine/2.6 
Apache-2.0
-    https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.8.1 
Apache-2.0
+    https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java/1.1.8.4 
Apache-2.0
     https://mvnrepository.com/artifact/org.yaml/snakeyaml/2.0 Apache-2.0
     https://npmjs.com/package/typescript/v/4.7.4 4.7.4 Apache-2.0
 
@@ -608,7 +608,7 @@ 
https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License li
 The following components are provided under the 
https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License 
License. See project link for details.
 The text of each license is also included in licenses/LICENSE-[project].txt.
 
-    https://mvnrepository.com/artifact/com.github.luben/zstd-jni/1.4.9-1 
https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License
+    https://mvnrepository.com/artifact/com.github.luben/zstd-jni/1.5.2-1 
https://opensource.org/licenses/BSD-2-Clause;description=BSD 2-Clause License
 
 ========================================================================
 https://spdx.org/licenses/MIT-0.html licenses
diff --git a/docs/en/changes/changes.md b/docs/en/changes/changes.md
index 544b6fad72..1a1b0693d0 100644
--- a/docs/en/changes/changes.md
+++ b/docs/en/changes/changes.md
@@ -93,6 +93,7 @@
     - API `/api/v1/labels` and `/api/v1/label/<label_name>/values` support 
return matched metrics labels.
   - OAL:
     - Deprecate `percentile` function and introduce `percentile2` function 
instead.
+* Bump up Kafka to fix CVE.
 * Fix `NullPointerException` in Istio ServiceEntry registry.
 
 #### UI
diff --git a/oap-server-bom/pom.xml b/oap-server-bom/pom.xml
index 277263584d..9003f243f9 100644
--- a/oap-server-bom/pom.xml
+++ b/oap-server-bom/pom.xml
@@ -73,7 +73,7 @@
         <httpcore.version>4.4.13</httpcore.version>
         <commons-compress.version>1.21</commons-compress.version>
         <banyandb-java-client.version>0.5.0</banyandb-java-client.version>
-        <kafka-clients.version>2.8.1</kafka-clients.version>
+        <kafka-clients.version>3.4.0</kafka-clients.version>
         <spring-kafka-test.version>2.4.6.RELEASE</spring-kafka-test.version>
         <consul.client.version>1.5.3</consul.client.version>
         <commons-net.version>3.9.0</commons-net.version>
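Review bot: The `kafka-clients.version` property jumps a major version (2.8.1 to 3.4.0) while `spring-kafka-test.version` on the next line stays at 2.4.6.RELEASE, so the test dependency may now be paired with a client line it was not built against; it is worth confirming which kafka-clients version the test classpath actually resolves. Neither the commit message nor the changelog entry names the CVE, which makes it hard to check that 3.4.0 is the first fixed release or to catch a later downgrade that would reintroduce the issue. A comment above the property, e.g. `<!-- keep kafka-clients >= 3.4.0: fixes CVE-XXXX-XXXXX (placeholder, fill in the advisory id) -->`, would record that. The properties block starts and ends outside the hunk.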
