navdeepsekhon/kafkaer

Critical and other vulnerabilities found in latest jar release

Closed this issue · 3 comments

Describe the bug
The following vulnerabilities have been found through an Anchore scan of the image using the latest version of the kafkaer jar:

MEDIUM Vulnerability commons-io (CVE-2021-29425)
HIGH Vulnerability jackson-databind (CVE-2022-42003)
HIGH Vulnerability jackson-databind (CVE-2022-42004)
CRITICAL Vulnerability commons-text (CVE-2022-42889)

To Reproduce
Apply anchore scan on the same

Expected behavior
1 critical, 2 high and 1 medium vulnerability will be found

Created a PR to address this, here #24

@navdeepsekhon Could you please create a release out of the latest updates so that we can use the jar version directly in our applications? Thanks!

Released