[ https://issues.apache.org/jira/browse/KAFKA-8952?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Matthias J. Sax updated KAFKA-8952: ----------------------------------- Priority: Blocker (was: Major) > Vulnerabilities found for jackson-databind-2.9.9.jar and guava-20.0.jar in > latest Apache-kafka latest version 2.3.0 > ------------------------------------------------------------------------------------------------------------------- > > Key: KAFKA-8952 > URL: https://issues.apache.org/jira/browse/KAFKA-8952 > Project: Kafka > Issue Type: New Feature > Affects Versions: 2.3.0 > Reporter: Namrata Kokate > Priority: Blocker > > I am currently using apache kafka latest version-2.3.0, however When I > deployed the binary on the containers, I can see the vulnerability reported > for the two jars - jackson-databind-2.9.9.jar and guava-20.0.jar > > I can see these vulnerabilities have been removed in the > jackson-databind-2.9.10.jar and guava-24.1.1-jre.jar jars but the > apache-kafka version 2.3.0 does not include these new jars. -- This message was sent by Atlassian Jira (v8.3.4#803005)