[jira] [Updated] (KAFKA-13658) Upgrade vulnerable dependencies jan 2022
[ https://issues.apache.org/jira/browse/KAFKA-13658?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mickael Maison updated KAFKA-13658: --- Fix Version/s: 3.0.1 3.1.1 > Upgrade vulnerable dependencies jan 2022 > > > Key: KAFKA-13658 > URL: https://issues.apache.org/jira/browse/KAFKA-13658 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1 >Reporter: Shivakumar >Priority: Major > Labels: secutiry > Fix For: 3.0.1, 3.2.0, 3.1.1 > > > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5| fixed in 2.14, > 2.13.1, 2.12.6| > | | | | | > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (KAFKA-13658) Upgrade vulnerable dependencies jan 2022
[ https://issues.apache.org/jira/browse/KAFKA-13658?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Bruno Cadonna updated KAFKA-13658: -- Fix Version/s: 3.2.0 > Upgrade vulnerable dependencies jan 2022 > > > Key: KAFKA-13658 > URL: https://issues.apache.org/jira/browse/KAFKA-13658 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1 >Reporter: Shivakumar >Priority: Major > Labels: secutiry > Fix For: 3.2.0 > > > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5| fixed in 2.14, > 2.13.1, 2.12.6| > | | | | | > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (KAFKA-13658) Upgrade vulnerable dependencies jan 2022
[ https://issues.apache.org/jira/browse/KAFKA-13658?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shivakumar updated KAFKA-13658: --- Description: |Packages|Package Version|CVSS|Fix Status| |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5| fixed in 2.14, 2.13.1, 2.12.6| | | | | | Our security scan detected the above vulnerabilities upgrade to correct versions for fixing vulnerabilities was: |Packages|Package Version|CVSS|Fix Status| |io.netty_netty-codec (CVE-2021-43797)|4.1.62.Final|6.5|fixed in 4.1.71| |org.eclipse.jetty_jetty-server|9.4.43.v20210629|5.5|fixed in 9.4.44| |org.eclipse.jetty_jetty-servlet|9.4.43.v20210629|5.5|fixed in 9.4.44| Our security scan detected the above vulnerabilities upgrade to correct versions for fixing vulnerabilities > Upgrade vulnerable dependencies jan 2022 > > > Key: KAFKA-13658 > URL: https://issues.apache.org/jira/browse/KAFKA-13658 > Project: Kafka > Issue Type: Bug >Affects Versions: 2.8.1 >Reporter: Shivakumar >Assignee: Luke Chen >Priority: Major > Labels: secutiry > > |Packages|Package Version|CVSS|Fix Status| > |com.fasterxml.jackson.core_jackson-databind| 2.10.5.1| 7.5| fixed in 2.14, > 2.13.1, 2.12.6| > | | | | | > Our security scan detected the above vulnerabilities > upgrade to correct versions for fixing vulnerabilities -- This message was sent by Atlassian Jira (v8.20.1#820001)