Re: Vulnerabilities found for jackson-databind-2.9.9.jar and guava-20.0.jar in latest Apache-kafka latest version 2.3.0
Thank you for the update, I would like to know when can I expect this release? Regards, Namrata kokate On Sat, Sep 28, 2019, 11:21 PM Matthias J. Sax wrote: > Thanks Namrata, > > I think we should fix this for upcoming 2.3.1 release. > > -Matthias > > > On 9/26/19 10:58 PM, namrata kokate wrote: > > Hi, > > > > I am currently using apache kafka latest version-2.3.0 from the official > > site https://kafka.apache.org/downloads, however When I deployed the > binary > > on the containers, I can see the vulnerability reported for the two jars > - > > jackson-databind-2.9.9.jar and guava-20.0.jar > > > > I can see these vulnerabilities have been removed in > > the jackson-databind-2.9.10.jar and guava-24.1.1-jre.jar jars but the > > apache-kafka version 2.3.0 does not include these new jars. Can you help > > me with this? > > > > Regards, > > Namrata Kokate > > > >
[jira] [Created] (KAFKA-8952) Vulnerabilities found for jackson-databind-2.9.9.jar and guava-20.0.jar in latest Apache-kafka latest version 2.3.0
Namrata Kokate created KAFKA-8952: - Summary: Vulnerabilities found for jackson-databind-2.9.9.jar and guava-20.0.jar in latest Apache-kafka latest version 2.3.0 Key: KAFKA-8952 URL: https://issues.apache.org/jira/browse/KAFKA-8952 Project: Kafka Issue Type: New Feature Affects Versions: 2.3.0 Reporter: Namrata Kokate I am currently using apache kafka latest version-2.3.0, however When I deployed the binary on the containers, I can see the vulnerability reported for the two jars - jackson-databind-2.9.9.jar and guava-20.0.jar I can see these vulnerabilities have been removed in the jackson-databind-2.9.10.jar and guava-24.1.1-jre.jar jars but the apache-kafka version 2.3.0 does not include these new jars. -- This message was sent by Atlassian Jira (v8.3.4#803005)
Vulnerabilities found for jackson-databind-2.9.9.jar and guava-20.0.jar in latest Apache-kafka latest version 2.3.0
Hi, I am currently using apache kafka latest version-2.3.0 from the official site https://kafka.apache.org/downloads, however When I deployed the binary on the containers, I can see the vulnerability reported for the two jars - jackson-databind-2.9.9.jar and guava-20.0.jar I can see these vulnerabilities have been removed in the jackson-databind-2.9.10.jar and guava-24.1.1-jre.jar jars but the apache-kafka version 2.3.0 does not include these new jars. Can you help me with this? Regards, Namrata Kokate
