Boojapho created KAFKA-12820:
--------------------------------

Summary: Upgrade maven-artifact dependency to resolve CVE-2021-26291
Key: KAFKA-12820
URL: https://issues.apache.org/jira/browse/KAFKA-12820
Project: Kafka
Issue Type: Task
Components: build
Affects Versions: 2.7.1, 2.8.0, 2.6.1
Reporter: Boojapho

Current Gradle builds of Kafka contain a dependency of `maven-artifact` version 3.6.3, which contains CVE-2021-26291 ([https://nvd.nist.gov/vuln/detail/CVE-2021-26291]). This vulnerability has been fixed in Maven 3.8.1 ([https://maven.apache.org/docs/3.8.1/release-notes.html]). Apache Kafka should update `dependencies.gradle` to use the latest `maven-artifact` library to eliminate this vulnerability.

--
This message was sent by Atlassian Jira (v8.3.4#803005)