Re: [PR] MINOR: Upgrade scala-logging to 3.9.5 [kafka]
viktorsomogyi merged PR #15914: URL: https://github.com/apache/kafka/pull/15914 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] MINOR: Upgrade scala-logging to 3.9.5 [kafka]
viktorsomogyi commented on PR #15914: URL: https://github.com/apache/kafka/pull/15914#issuecomment-2141793790 @urbandan @akatona84 would you please review this? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] MINOR: Upgrade scala-logging to 3.9.5 [kafka]
viktorsomogyi commented on PR #15914: URL: https://github.com/apache/kafka/pull/15914#issuecomment-2136890317 @sjhajharia thanks for highlighting the CVE, it's important to consider them. This version bump doesn't fix the CVE indeed as you highlighted, but it is present in older versions too, so it doesn't really make it worse either. My reason for this version bump is simply to get in sync with our downstream software and also 3.9.5 depends on slf4j-1.7.36 which is Kafka's current slf4j dependency, whereas 3.9.4 depends on slf4j-1.7.30. So in this sense it's more about aligning dependencies rather than fixing CVEs. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] MINOR: Upgrade scala-logging to 3.9.5 [kafka]
sjhajharia commented on PR #15914: URL: https://github.com/apache/kafka/pull/15914#issuecomment-2122006555 @viktorsomogyi I see that both scala-logging 3.9.5 and 3.9.4 have the same vulnerability coming in from `[CVE-2023-6378]`. Is there a reason thus that we want this upgrade? ref: https://mvnrepository.com/artifact/com.typesafe.scala-logging/scala-logging_3/3.9.5 https://mvnrepository.com/artifact/com.typesafe.scala-logging/scala-logging_3/3.9.4 Thanks! -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
Re: [PR] MINOR: Upgrade scala-logging to 3.9.5 [kafka]
viktorsomogyi commented on PR #15914: URL: https://github.com/apache/kafka/pull/15914#issuecomment-2104207428 @ijuma would you please review this small PR? -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[PR] MINOR: Upgrade scala-logging to 3.9.5 [kafka]
viktorsomogyi opened a new pull request, #15914: URL: https://github.com/apache/kafka/pull/15914 ### Committer Checklist (excluded from commit message) - [ ] Verify design and implementation - [ ] Verify test coverage and CI build status - [ ] Verify documentation (including upgrade notes) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: jira-unsubscr...@kafka.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
