Hi KafkaTeam, We are using Kafka 2.4 but anchore scan is giving below list. Is there anything we can do or do we need to wait for next release? Thanks for your support. Best Regards Satya Kotni
+----------------+----------+ 0s 2 21 +-------------+----------+------------------------+--------------+---------+----------------+-------------------------------------------------+ 62s 22 | WHITELISTED | SEVERITY | PACKAGE | PACKAGE TYPE | VERSION | VULNERABILITY | URL | 62s 23 +-------------+----------+------------------------+--------------+---------+----------------+-------------------------------------------------+ 62s 24 | true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7371 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | 62s 25 | true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7370 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | 62s 26 | true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7371 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | 62s 27 | true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7370 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | 62s 28 | true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7371 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | 62s 29 | true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7370 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | 62s 30 | true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7371 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | 62s 31 | true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7370 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | 62s 32 | true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7371 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | 62s 33 | true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7370 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | 62s 34 | true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7371 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | 62s 35 | true | Medium | connect-2.2.0 | java | 2.2.0 | CVE-2013-7370 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | 62s 36 | true | Medium | guava-20.0 | java | 20.0 | CVE-2018-10237 | https://nvd.nist.gov/vuln/detail/CVE-2018-10237 | 62s 37 | true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-17531 | https://nvd.nist.gov/vuln/detail/CVE-2019-17531 | 62s 38 | true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-17267 | https://nvd.nist.gov/vuln/detail/CVE-2019-17267 | 62s 39 | true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-16943 | https://nvd.nist.gov/vuln/detail/CVE-2019-16943 | 62s 40 | true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-16942 | https://nvd.nist.gov/vuln/detail/CVE-2019-16942 | 62s 41 | true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-14379 | https://nvd.nist.gov/vuln/detail/CVE-2019-14379 | 62s 42 | true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-16335 | https://nvd.nist.gov/vuln/detail/CVE-2019-16335 | 62s 43 | true | High | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-14540 | https://nvd.nist.gov/vuln/detail/CVE-2019-14540 | 62s 44 | true | Medium | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-12384 | https://nvd.nist.gov/vuln/detail/CVE-2019-12384 | 62s 45 | true | Medium | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-14439 | https://nvd.nist.gov/vuln/detail/CVE-2019-14439 | 62s 46 | true | Medium | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-12814 | https://nvd.nist.gov/vuln/detail/CVE-2019-12814 | 62s 47 | true | Medium | jackson-databind-2.9.8 | java | 2.9.8 | CVE-2019-12086 | https://nvd.nist.gov/vuln/detail/CVE-2019-12086 | 62s 48 | true | High | log4j-1.2.17 | java | 1.2.17 | CVE-2019-17571 | https://nvd.nist.gov/vuln/detail/CVE-2019-17571 | 62s 49 | true | Medium | zookeeper-3.4.13 | java | 3.4.13 | CVE-2019-0201 | https://nvd.nist.gov/vuln/detail/CVE-2019-0201 | 62s 50 +-------------+----------+------------------------+--------------+---------+----------------+-------------------------------------------------+ 62s 51 +----------+------+------+------------------------+--------------+---------+-------------------------------------------------+----------------+ 62s 52 | SEVERITY | FEED | FIX | PACKAGE | PACKAGE TYPE | VERSION | URL | VULNERABILITY | 62s 53 +----------+------+------+------------------------+--------------+---------+-------------------------------------------------+----------------+ 62s 54 | Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | CVE-2013-7371 | 62s 55 | Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | CVE-2013-7370 | 62s 56 | Low | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 | CVE-2018-3717 | 62s 57 | Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | CVE-2013-7371 | 62s 58 | Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | CVE-2013-7370 | 62s 59 | Low | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 | CVE-2018-3717 | 62s 60 | Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | CVE-2013-7371 | 62s 61 | Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | CVE-2013-7370 | 62s 62 | Low | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 | CVE-2018-3717 | 62s 63 | Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | CVE-2013-7371 | 62s 64 | Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | CVE-2013-7370 | 62s 65 | Low | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 | CVE-2018-3717 | 62s 66 | Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | CVE-2013-7371 | 62s 67 | Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | CVE-2013-7370 | 62s 68 | Low | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 | CVE-2018-3717 | 62s 69 | Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7371 | CVE-2013-7371 | 62s 70 | Medium | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2013-7370 | CVE-2013-7370 | 62s 71 | Low | nvd | None | connect-2.2.0 | java | 2.2.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-3717 | CVE-2018-3717 | 62s 72 | Medium | nvd | None | guava-20.0 | java | 20.0 | https://nvd.nist.gov/vuln/detail/CVE-2018-10237 | CVE-2018-10237 | 62s 73 | High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-17531 | CVE-2019-17531 | 62s 74 | High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-17267 | CVE-2019-17267 | 62s 75 | High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16943 | CVE-2019-16943 | 62s 76 | High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16942 | CVE-2019-16942 | 62s 77 | High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14379 | CVE-2019-14379 | 62s 78 | High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-16335 | CVE-2019-16335 | 62s 79 | High | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14540 | CVE-2019-14540 | 62s 80 | Medium | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12384 | CVE-2019-12384 | 62s 81 | Medium | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14439 | CVE-2019-14439 | 62s 82 | Medium | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12814 | CVE-2019-12814 | 62s 83 | Medium | nvd | None | jackson-databind-2.9.8 | java | 2.9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-12086 | CVE-2019-12086 | 62s 84 | High | nvd | None | log4j-1.2.17 | java | 1.2.17 | https://nvd.nist.gov/vuln/detail/CVE-2019-17571 | CVE-2019-17571 | 62s 85 | Medium | nvd | None | zookeeper-3.4.13 | java | 3.4.13 | https://nvd.nist.gov/vuln/detail/CVE-2019-0201 | CVE-2019-0201 | 62s 86 +----------+------+------+------------------------+--------------+---------+-------------------------------------------------+----------------+ 62s 87 +---------------------------+-------------------------------------------------------+ 62s 88 | Docker Image | docker.digital.homeoffice.gov.uk/mma/mma-kafka:latest | 62s 89 | Dockerfile Path | | 62s 90 | Toleration (>=) | low | 62s 91 | Skipped | 16 | 62s 92 | Vulnerabilities Failed On | 0 | 62s 93 | Vulnerabilities Total | 32 | 62s 94 | Timeout | 20m0s | 62s 95 | Scan Time | 1m2.007477261s | 62s 96 +---------------------------+-------------------------------------------------------+ 62s exit code 0 Please ensure that any communication with the Home Office is via an official account ending with digital.homeoffice.gov.uk, homeoffice.gov.uk or homeoffice.gsi.gov.uk. This email and any files transmitted with it are private and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please return it to the address it came from telling them it is not for you and then delete it from your system. Communications via the digital.homeoffice.gov.uk domain may be automatically logged, monitored and/or recorded for legal purposes. This email message has been swept for computer viruses.
