You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Arushi Rai (Jira)" <ji...@apache.org> on 2023/05/17 15:19:00 UTC
[jira] [Created] (KAFKA-15002) Moderate vulnerability in org.bitbucket.b_c_jose4j
Arushi Rai created KAFKA-15002:
----------------------------------
Summary: Moderate vulnerability in org.bitbucket.b_c_jose4j
Key: KAFKA-15002
URL: https://issues.apache.org/jira/browse/KAFKA-15002
Project: Kafka
Issue Type: Task
Affects Versions: 3.3.2, 3.4.0
Reporter: Arushi Rai
Kafka is using package org.bitbucket.b_c_jose4j on versionĀ 0.7.9 where medium vulnerability is reported [GHSA-jgvc-jfgh-rjvv|https://github.com/advisories/GHSA-jgvc-jfgh-rjvv].
Fix is available in version 0.9.3 and Kafka should look to update to the fix version.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)