[jira] [Created] (KAFKA-14320) Upgrade Jackson for CVE fixes

Javier Li Sam (Jira) Tue, 18 Oct 2022 15:52:06 -0700

Javier Li Sam created KAFKA-14320:
-------------------------------------

             Summary: Upgrade Jackson for CVE fixes
                 Key: KAFKA-14320
                 URL: https://issues.apache.org/jira/browse/KAFKA-14320
             Project: Kafka
          Issue Type: Bug
          Components: core
    Affects Versions: 3.2.0
            Reporter: Javier Li Sam
            Assignee: Thomas Cooper
             Fix For: 3.3.0



There are a couple of CVEs for netty and Jackson:

Netty: [CVE-2022-24823|https://www.cve.org/CVERecord?id=CVE-2022-24823] - Fixed 
by upgrading to 4.1.77+

Jackson: [CVE-2020-36518|https://www.cve.org/CVERecord?id=CVE-2020-36518] - 
Fixed by upgrading to 2.13.0+



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (KAFKA-14320) Upgrade Jackson for CVE fixes

Reply via email to