Thanks Namrata, I think we should fix this for upcoming 2.3.1 release.
-Matthias On 9/26/19 10:58 PM, namrata kokate wrote: > Hi, > > I am currently using apache kafka latest version-2.3.0 from the official > site https://kafka.apache.org/downloads, however When I deployed the binary > on the containers, I can see the vulnerability reported for the two jars - > jackson-databind-2.9.9.jar and guava-20.0.jar > > I can see these vulnerabilities have been removed in > the jackson-databind-2.9.10.jar and guava-24.1.1-jre.jar jars but the > apache-kafka version 2.3.0 does not include these new jars. Can you help > me with this? > > Regards, > Namrata Kokate >
signature.asc
Description: OpenPGP digital signature
