[jira] [Updated] (KAFKA-13805) Upgrade vulnerable dependencies march 2022
[ https://issues.apache.org/jira/browse/KAFKA-13805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shivakumar updated KAFKA-13805: --- Reviewer: Abhishek > Upgrade vulnerable dependencies march 2022 > -- > > Key: KAFKA-13805 > URL: https://issues.apache.org/jira/browse/KAFKA-13805 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1, 3.0.1 >Reporter: Shivakumar >Priority: Blocker > Labels: secutiry > > https://nvd.nist.gov/vuln/detail/CVE-2020-36518 > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.2.1| > |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.2.1| > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KAFKA-13805) Upgrade vulnerable dependencies march 2022
[ https://issues.apache.org/jira/browse/KAFKA-13805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Manikumar updated KAFKA-13805: -- Fix Version/s: (was: 2.8.2) (was: 3.0.2) > Upgrade vulnerable dependencies march 2022 > -- > > Key: KAFKA-13805 > URL: https://issues.apache.org/jira/browse/KAFKA-13805 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1, 3.0.1 >Reporter: Shivakumar >Priority: Blocker > Labels: secutiry > > https://nvd.nist.gov/vuln/detail/CVE-2020-36518 > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.2.1| > |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.2.1| > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Updated] (KAFKA-13805) Upgrade vulnerable dependencies march 2022
[ https://issues.apache.org/jira/browse/KAFKA-13805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bruno Cadonna updated KAFKA-13805: -- Description: https://nvd.nist.gov/vuln/detail/CVE-2020-36518 |Packages|Package Version|CVSS|Fix Status| |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.2.1| |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.2.1| Our security scan detected the above vulnerabilities upgrade to correct versions for fixing vulnerabilities was: |Packages|Package Version|CVSS|Fix Status| |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.0| |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.0| Our security scan detected the above vulnerabilities upgrade to correct versions for fixing vulnerabilities > Upgrade vulnerable dependencies march 2022 > -- > > Key: KAFKA-13805 > URL: https://issues.apache.org/jira/browse/KAFKA-13805 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1, 3.0.1 >Reporter: Shivakumar >Priority: Blocker > Labels: secutiry > Fix For: 2.8.2, 3.0.2 > > > https://nvd.nist.gov/vuln/detail/CVE-2020-36518 > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.2.1| > |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.2.1| > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (KAFKA-13805) Upgrade vulnerable dependencies march 2022
[ https://issues.apache.org/jira/browse/KAFKA-13805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bruno Cadonna updated KAFKA-13805: -- Fix Version/s: (was: 3.1.2) > Upgrade vulnerable dependencies march 2022 > -- > > Key: KAFKA-13805 > URL: https://issues.apache.org/jira/browse/KAFKA-13805 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1, 3.0.1, 3.1.1 >Reporter: Shivakumar >Priority: Blocker > Labels: secutiry > Fix For: 2.8.2, 3.0.2 > > > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.0| > |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.0| > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (KAFKA-13805) Upgrade vulnerable dependencies march 2022
[ https://issues.apache.org/jira/browse/KAFKA-13805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bruno Cadonna updated KAFKA-13805: -- Affects Version/s: (was: 3.1.1) > Upgrade vulnerable dependencies march 2022 > -- > > Key: KAFKA-13805 > URL: https://issues.apache.org/jira/browse/KAFKA-13805 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1, 3.0.1 >Reporter: Shivakumar >Priority: Blocker > Labels: secutiry > Fix For: 2.8.2, 3.0.2 > > > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.0| > |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.0| > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (KAFKA-13805) Upgrade vulnerable dependencies march 2022
[ https://issues.apache.org/jira/browse/KAFKA-13805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bruno Cadonna updated KAFKA-13805: -- Fix Version/s: 3.1.2 2.8.2 3.0.2 > Upgrade vulnerable dependencies march 2022 > -- > > Key: KAFKA-13805 > URL: https://issues.apache.org/jira/browse/KAFKA-13805 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1, 3.0.1, 3.1.1 >Reporter: Shivakumar >Priority: Blocker > Labels: secutiry > Fix For: 2.8.2, 3.0.2, 3.1.2 > > > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.0| > |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.0| > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (KAFKA-13805) Upgrade vulnerable dependencies march 2022
[ https://issues.apache.org/jira/browse/KAFKA-13805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bruno Cadonna updated KAFKA-13805: -- Priority: Blocker (was: Major) > Upgrade vulnerable dependencies march 2022 > -- > > Key: KAFKA-13805 > URL: https://issues.apache.org/jira/browse/KAFKA-13805 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1, 3.0.1, 3.1.1 >Reporter: Shivakumar >Priority: Blocker > Labels: secutiry > Fix For: 3.0.1, 3.2.0, 3.1.1 > > > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.0| > |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.0| > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (KAFKA-13805) Upgrade vulnerable dependencies march 2022
[ https://issues.apache.org/jira/browse/KAFKA-13805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bruno Cadonna updated KAFKA-13805: -- Fix Version/s: (was: 3.0.1) (was: 3.2.0) (was: 3.1.1) > Upgrade vulnerable dependencies march 2022 > -- > > Key: KAFKA-13805 > URL: https://issues.apache.org/jira/browse/KAFKA-13805 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1, 3.0.1, 3.1.1 >Reporter: Shivakumar >Priority: Blocker > Labels: secutiry > > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.0| > |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.0| > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (KAFKA-13805) Upgrade vulnerable dependencies march 2022
[ https://issues.apache.org/jira/browse/KAFKA-13805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bruno Cadonna updated KAFKA-13805: -- Affects Version/s: 3.0.1 3.1.1 > Upgrade vulnerable dependencies march 2022 > -- > > Key: KAFKA-13805 > URL: https://issues.apache.org/jira/browse/KAFKA-13805 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1, 3.0.1, 3.1.1 >Reporter: Shivakumar >Priority: Major > Labels: secutiry > Fix For: 3.0.1, 3.2.0, 3.1.1 > > > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.0| > |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.0| > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (KAFKA-13805) Upgrade vulnerable dependencies march 2022
[ https://issues.apache.org/jira/browse/KAFKA-13805?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shivakumar updated KAFKA-13805: --- Description: |Packages|Package Version|CVSS|Fix Status| |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.0| |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.0| Our security scan detected the above vulnerabilities upgrade to correct versions for fixing vulnerabilities was: |Packages|Package Version|CVSS|Fix Status| |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5| fixed in 2.14, 2.13.1, 2.12.6| | | | | | Our security scan detected the above vulnerabilities upgrade to correct versions for fixing vulnerabilities > Upgrade vulnerable dependencies march 2022 > -- > > Key: KAFKA-13805 > URL: https://issues.apache.org/jira/browse/KAFKA-13805 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1 >Reporter: Shivakumar >Priority: Major > Labels: secutiry > Fix For: 3.0.1, 3.2.0, 3.1.1 > > > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5|fixed in 2.13.0| > |com.fasterxml.jackson.core_jackson-databind|2.13.1|7.5|fixed in 2.13.0| > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.1#820001)