priyatama created KAFKA-15128: --------------------------------- Summary: snappy-java-1.1.8.4.jar library vulnerability Key: KAFKA-15128 URL: https://issues.apache.org/jira/browse/KAFKA-15128 Project: Kafka Issue Type: Bug Components: clients Affects Versions: 3.4.0 Reporter: priyatama Attachments: Screenshot 2023-06-27 at 12.30.51 PM.png
Hi Team, we found new vulnerability introduced in snappy-java-1.1.8.4 library, so we need to get rid of it. !Screenshot 2023-06-27 at 12.30.51 PM.png|width=321,height=230! during analysis, we found snappy-java coming via kafka-clients. As our application is not directly using snappy-java jar. Can any one please explain what is use of snappy-java in kafka-client or can we exclude that? Latest kafka-client also having vulnerable snappy-jar, by when kafka-client will release next version which is having non-vulnerable snappy-java jar in it? -- This message was sent by Atlassian Jira (v8.20.10#820010)