You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Divij Vaidya (Jira)" <ji...@apache.org> on 2023/05/11 08:42:00 UTC
[jira] [Created] (KAFKA-14988) Upgrade scalaCollectionCompact to v2.9 for CVE-2022-36944
Divij Vaidya created KAFKA-14988:
------------------------------------
Summary: Upgrade scalaCollectionCompact to v2.9 for CVE-2022-36944
Key: KAFKA-14988
URL: https://issues.apache.org/jira/browse/KAFKA-14988
Project: Kafka
Issue Type: Improvement
Reporter: Divij Vaidya
Current version of ScalaCollectionCompact library in trunk 2.6.0 suffers from a critical [CVE-2022-36944|https://github.com/advisories/GHSA-8qv5-68g4-248j]
The CVE does not impact Kafka as per https://issues.apache.org/jira/browse/KAFKA-14267 and is fixed in ScalaCollectionCompact v2.9 as per [https://github.com/scala/scala-collection-compat/pull/569]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)