Javier Li Sam created KAFKA-14320: ------------------------------------- Summary: Upgrade Jackson for CVE fixes Key: KAFKA-14320 URL: https://issues.apache.org/jira/browse/KAFKA-14320 Project: Kafka Issue Type: Bug Components: core Affects Versions: 3.2.0 Reporter: Javier Li Sam Assignee: Thomas Cooper Fix For: 3.3.0
There are a couple of CVEs for netty and Jackson: Netty: [CVE-2022-24823|https://www.cve.org/CVERecord?id=CVE-2022-24823] - Fixed by upgrading to 4.1.77+ Jackson: [CVE-2020-36518|https://www.cve.org/CVERecord?id=CVE-2020-36518] - Fixed by upgrading to 2.13.0+ -- This message was sent by Atlassian Jira (v8.20.10#820010)