Boojapho created KAFKA-12820:
--------------------------------

             Summary: Upgrade maven-artifact dependency to resolve CVE-2021-26291
                 Key: KAFKA-12820
                 URL: https://issues.apache.org/jira/browse/KAFKA-12820
             Project: Kafka
          Issue Type: Task
          Components: build
    Affects Versions: 2.7.1, 2.8.0, 2.6.1
            Reporter: Boojapho


Current Gradle builds of Kafka contain a dependency on `maven-artifact` version 
3.6.3, which contains CVE-2021-26291 
(https://nvd.nist.gov/vuln/detail/CVE-2021-26291).  This vulnerability has 
been fixed in Maven 3.8.1 
(https://maven.apache.org/docs/3.8.1/release-notes.html).  Apache Kafka 
should update `dependencies.gradle` to use the latest `maven-artifact` library 
to eliminate this vulnerability.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)