[
https://issues.apache.org/jira/browse/KAFKA-14988?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Divij Vaidya updated KAFKA-14988:
---------------------------------
Description:
Current version of ScalaCollectionCompact library in trunk 2.6.0 suffers from a
critical [CVE-2022-36944|https://github.com/advisories/GHSA-8qv5-68g4-248j]
The CVE does not impact Kafka as per
https://issues.apache.org/jira/browse/KAFKA-14267 (hence, not marking this as
critical) and is fixed in ScalaCollectionCompact v2.9 as per
[https://github.com/scala/scala-collection-compat/pull/569]
was:
Current version of ScalaCollectionCompact library in trunk 2.6.0 suffers from a
critical [CVE-2022-36944|https://github.com/advisories/GHSA-8qv5-68g4-248j]
The CVE does not impact Kafka as per
https://issues.apache.org/jira/browse/KAFKA-14267 and is fixed in
ScalaCollectionCompact v2.9 as per
[https://github.com/scala/scala-collection-compat/pull/569]
> Upgrade scalaCollectionCompact to v2.9 for CVE-2022-36944
> ---------------------------------------------------------
>
> Key: KAFKA-14988
> URL: https://issues.apache.org/jira/browse/KAFKA-14988
> Project: Kafka
> Issue Type: Improvement
> Reporter: Divij Vaidya
> Priority: Minor
> Fix For: 3.6.0
>
>
> Current version of ScalaCollectionCompact library in trunk 2.6.0 suffers from
> a critical [CVE-2022-36944|https://github.com/advisories/GHSA-8qv5-68g4-248j]
>
> The CVE does not impact Kafka as per
> https://issues.apache.org/jira/browse/KAFKA-14267 (hence, not marking this
> as critical) and is fixed in ScalaCollectionCompact v2.9 as per
> [https://github.com/scala/scala-collection-compat/pull/569]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
