[jira] [Updated] (KAFKA-8952) Vulnerabilities found for jackson-databind-2.9.9.jar and guava-20.0.jar in latest Apache-kafka latest version 2.3.0

Matthias J. Sax (Jira) Sat, 28 Sep 2019 10:52:18 -0700


     [ 
https://issues.apache.org/jira/browse/KAFKA-8952?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Matthias J. Sax updated KAFKA-8952:
-----------------------------------
    Fix Version/s: 2.3.1

> Vulnerabilities found for jackson-databind-2.9.9.jar and guava-20.0.jar in 
> latest Apache-kafka latest version 2.3.0
> -------------------------------------------------------------------------------------------------------------------
>
>                 Key: KAFKA-8952
>                 URL: https://issues.apache.org/jira/browse/KAFKA-8952
>             Project: Kafka
>          Issue Type: New Feature
>    Affects Versions: 2.3.0
>            Reporter: Namrata Kokate
>            Priority: Blocker
>             Fix For: 2.3.1
>
>
> I am currently using apache kafka latest version-2.3.0, however When I 
> deployed the binary on the containers, I can see the vulnerability reported 
> for the two jars - jackson-databind-2.9.9.jar and  guava-20.0.jar
>  
> I can see these vulnerabilities have been removed in the 
> jackson-databind-2.9.10.jar and guava-24.1.1-jre.jar jars but the 
> apache-kafka version 2.3.0 does not include these new jars.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Updated] (KAFKA-8952) Vulnerabilities found for jackson-databind-2.9.9.jar and guava-20.0.jar in latest Apache-kafka latest version 2.3.0

Reply via email to