Vulnerabilities are being reported for kafka container images

Question

dkirrane opened this issue a year ago · 3 comments

If we deploy the latest 7.3.x container image e.g. confluentinc/cp-kafka-connect:7.3.3 these CVEs are showing:

CVE-2023-0361 - Red Hat Update for gnutls (RHSA-2023:1569)
CVE-2023-21930 - Azul Java Multiple Vulnerabilities Security Update April 2023

Answer 1 · 2023-05-22T13:13:50.000Z

@dkirrane
Thank you for raising bring this up. We expect to address those in the upcoming quarterly patch release.

Answer 2 · 2023-06-08T14:38:57.000Z

this looks like it's fixed now in latest pull of confluentinc/cp-kafka-connect:7.3.3

Answer 3 · 2023-07-31T11:53:18.000Z

Azul Java packages will be update in Q3 2023.