Sanjay Nathani created FLINK-29341:
--------------------------------------

Summary: Upgrade Apache Kafka version to 7.1.1-ccs to resolve CVE-2021-38153
Key: FLINK-29341
URL: https://issues.apache.org/jira/browse/FLINK-29341
Project: Flink
Issue Type: Bug
Reporter: Sanjay Nathani
Fix For: 1.13.6

The flink-connector-kafka module has Kafka as a dependency, introduced from here [https://github.com/apache/flink/blob/release-1.13.6/flink-connectors/flink-connector-kafka/pom.xml]. The version of Kafka is 2.4.1, which is vulnerable to CVE-2021-38153. In order to remove this CVE, the Kafka version should be upgraded to 2.6.3, as said here: https://lists.apache.org/thread/7vrvjt7tm7m46txds3kt6bywd8vp5px0

--
This message was sent by Atlassian Jira (v8.20.10#820010)