mooner created KAFKA-16825:
------------------------------

Summary: CVE vulnerabilities in Jetty and netty
Key: KAFKA-16825
URL: https://issues.apache.org/jira/browse/KAFKA-16825
Project: Kafka
Issue Type: Task
Affects Versions: 3.7.0
Reporter: mooner

There is a vulnerability (CVE-2024-29025) in the passive dependency software Netty used by Kafka, which has been fixed in version 4.1.108.Final. There is also a vulnerability (CVE-2024-22201) in the passive dependency software Jetty, which has been fixed in version 9.4.54.v20240208. When will Kafka upgrade the versions of Netty and Jetty to fix these two vulnerabilities?

Reference website:
https://nvd.nist.gov/vuln/detail/CVE-2024-29025
https://nvd.nist.gov/vuln/detail/CVE-2024-22201

--
This message was sent by Atlassian Jira (v8.20.10#820010)
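
A check of the jars in a Kafka `libs` directory against the two fixed versions named in the ticket, as an added example that is not part of the original message or of Kafka's own code. It assumes jars are named `<artifact>-<version>.jar`, the sample file names are constructed, and a jar on a different major.minor line is reported separately because the ticket gives a fixed version for only one line of each library.

```python
import os
import re
import sys

# Fixed versions exactly as stated in the ticket.
FIXED = {
    "netty": "4.1.108.Final",      # CVE-2024-29025
    "jetty": "9.4.54.v20240208",   # CVE-2024-22201
}

# Assumed naming: <family>[-<artifact parts>]-<major>.<minor>.<patch>.<rest>jar
JAR_RE = re.compile(r"^(netty|jetty)(?:-[A-Za-z]\w*)*-(\d+)\.(\d+)\.(\d+)\.")

def numeric(version):
    """First three numeric components of a version string."""
    return tuple(int(p) for p in version.split(".")[:3])

def check_jar(name):
    """Return (family, version, status) for a Netty/Jetty jar, else None."""
    m = JAR_RE.match(name)
    if not m:
        return None
    family = m.group(1)
    found = tuple(int(g) for g in m.group(2, 3, 4))
    fixed = numeric(FIXED[family])
    if found[:2] != fixed[:2]:
        # The ticket names no fixed version for this release line.
        status = "other-line"
    elif found >= fixed:
        status = "fixed"
    else:
        status = "below-fix"
    return family, ".".join(map(str, found)), status

def audit(jar_names):
    """Check every file name; unrelated jars are skipped."""
    return [r for r in map(check_jar, sorted(jar_names)) if r is not None]

# Constructed sample file names, used when no directory is given.
SAMPLE = [
    "kafka-clients-3.7.0.jar",
    "netty-buffer-4.1.100.Final.jar",
    "netty-codec-http2-4.1.108.Final.jar",
    "jetty-server-9.4.53.v20231009.jar",
    "jetty-http-9.4.54.v20240208.jar",
    "jetty-util-10.0.19.jar",
]

if __name__ == "__main__":
    names = os.listdir(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    for family, version, status in audit(names):
        print(f"{family:6} {version:10} {status}")
```

Run it with the path to the broker's `libs` directory as the only argument; `other-line` results need the advisory for that release line.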