Rafael Rios Saavedra created KAFKA-15487: --------------------------------------------
Summary: CVE-2023-40167, CVE-2023-36479 - Upgrade jetty to 9.4.52, 10.0.16, 11.0.16, 12.0.1 Key: KAFKA-15487 URL: https://issues.apache.org/jira/browse/KAFKA-15487 Project: Kafka Issue Type: Bug Affects Versions: 2.7.0, 2.6.1 Reporter: Rafael Rios Saavedra Assignee: Dongjin Lee Fix For: 2.8.0, 2.7.1, 2.6.2, 3.0.0 *CVE-2021-28165* vulnerability affects Jetty versions up to *9.4.38*. For more information see [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165] Upgrading to Jetty version *9.4.39* should address this issue ([https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.39.v20210325)|https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.39.v20210325]. -- This message was sent by Atlassian Jira (v8.20.10#820010)