This is an automated email from the ASF dual-hosted git repository.
manikumar pushed a commit to branch 2.8
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/2.8 by this push:
new 675bd1c KAFKA-12820: Upgrade maven-artifact dependency to resolve
CVE-2021-26291
675bd1c is described below
commit 675bd1ca823c6ae4fc9a9ee46dce0eafdf4aaa18
Author: Lee Dongjin <[email protected]>
AuthorDate: Fri May 21 16:07:07 2021 +0900
KAFKA-12820: Upgrade maven-artifact dependency to resolve CVE-2021-26291
CVE-2021-26291, which makes Man-In-The-Middle-Attack possible, was fixed in
maven 3.8.1.
Reviewers: Luke Chen <[email protected]>, Manikumar Reddy
<[email protected]>
---
gradle/dependencies.gradle | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/gradle/dependencies.gradle b/gradle/dependencies.gradle
index 9a75442..1948aea 100644
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@@ -97,7 +97,7 @@ versions += [
kafka_26: "2.6.2",
kafka_27: "2.7.0",
lz4: "1.7.1",
- mavenArtifact: "3.6.3",
+ mavenArtifact: "3.8.1",
metrics: "2.2.0",
mockito: "3.6.0",
netty: "4.1.62.Final",
