Hello Team,


Could you please confirm the plan to release a new Kafka version that includes 
fixes for vulnerabilities identified primarily in transient dependencies such 
as Jackson, JLine, OpenTelemetry and a few others?



These are detected in kafka v4.3.0.



Below is the list of identified vulnerabilities for reference:



Kafka core

CVE-2026-41115



OpenTelemetry

CVE-2026-39882

CVE-2026-41078

CVE-2026-40894

CVE-2026-44967



JLine

GHSA-2r2c-cx56-8933

GHSA-47qp-hqvx-6r3f

XRAY-1005950

XRAY-1005951



Jackson -

CVE-2026-54512

CVE-2026-54513

CVE-2026-54514

CVE-2026-54515

CVE-2026-54516

CVE-2026-54517

CVE-2026-54518



Regards
Vivek

Reply via email to