You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Thomas Cooper (Jira)" <ji...@apache.org> on 2022/07/04 16:27:00 UTC
[jira] [Created] (KAFKA-14044) Upgrade Netty and Jackson for CVE fixes
Thomas Cooper created KAFKA-14044:
-------------------------------------
Summary: Upgrade Netty and Jackson for CVE fixes
Key: KAFKA-14044
URL: https://issues.apache.org/jira/browse/KAFKA-14044
Project: Kafka
Issue Type: Bug
Reporter: Thomas Cooper
Assignee: Thomas Cooper
There are a couple of CVEs for netty and Jackson:
Netty: [CVE-2022-24823|https://www.cve.org/CVERecord?id=CVE-2022-24823] - Fixed by upgrading to 4.1.77+
Jackson: [CVE-2020-36518|https://www.cve.org/CVERecord?id=CVE-2020-36518] - Fixed by upgrading to 2.13.0+
--
This message was sent by Atlassian Jira
(v8.20.10#820010)