Our team is looking to move to the latest 3.x version of Kafka. The latest available, version 3.9.1, currently has the high score CVE-2025-48734. The culprit is a dependency on commons-beanutils-1.9.4.jar.
Are there any future plans to mitigate this CVE in a 3.9.x update?
