Rafael Rios Saavedra created KAFKA-15487:
--------------------------------------------
Summary: CVE-2023-40167, CVE-2023-36479 - Upgrade jetty to 9.4.52,
10.0.16, 11.0.16, 12.0.1
Key: KAFKA-15487
URL: https://issues.apache.org/jira/browse/KAFKA-15487
Project: Kafka
Issue Type: Bug
Affects Versions: 2.7.0, 2.6.1
Reporter: Rafael Rios Saavedra
Assignee: Dongjin Lee
Fix For: 2.8.0, 2.7.1, 2.6.2, 3.0.0
*CVE-2021-28165* vulnerability affects Jetty versions up to *9.4.38*. For more
information see [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165]
Upgrading to Jetty version *9.4.39* should address this issue
([https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.39.v20210325)|https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.39.v20210325].
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
