You are viewing a plain text version of this content. The canonical link for it is here.

Posted to jira@kafka.apache.org by "Thomas Cooper (Jira)" <ji...@apache.org> on 2022/07/04 16:27:00 UTC

[jira] [Created] (KAFKA-14044) Upgrade Netty and Jackson for CVE fixes

Thomas Cooper created KAFKA-14044:
-------------------------------------

             Summary: Upgrade Netty and Jackson for CVE fixes
                 Key: KAFKA-14044
                 URL: https://issues.apache.org/jira/browse/KAFKA-14044
             Project: Kafka
          Issue Type: Bug
            Reporter: Thomas Cooper
            Assignee: Thomas Cooper


There are a couple of CVEs for netty and Jackson:

Netty: [CVE-2022-24823|https://www.cve.org/CVERecord?id=CVE-2022-24823] - Fixed by upgrading to 4.1.77+

Jackson: [CVE-2020-36518|https://www.cve.org/CVERecord?id=CVE-2020-36518] - Fixed by upgrading to 2.13.0+



--
This message was sent by Atlassian Jira
(v8.20.10#820010)