Jan Werner
Jan Werner
Juan, Thank you for raising this issue. The vulnerabilities have been addressed with an update of the netty dependency.
Pavel, Thank you for raising this issue. The CVEs have been addressed. We recommend using the latest release 6.1.7 http://packages.confluent.io/archive/6.1/confluent-community-6.1.7.zip
Mikita, Thank you for raising this issue. The latest release 6.2.6 ships with an updated protobuf-java-3.19.4.jar resolving the issue. https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLEPROTOBUF-2331703.
Toby, Thank you for raising this issue. We are aware of those issues and plan on addressing them in an upcoming release cycle.
Pavel, Thank you for raising this issue. The CVEs have been addressed. We recommend using the latest release 6.1.7 (https://packages.confluent.io/archive/6.1/confluent-community-6.1.7.zip)
Adam, Thank you for the followup. We are aware of those issues and we are working on addressing them. Thanks! Jan
Thank you Eli for commenting on this. OP can you please close the issue?
Thank you for raising this issue. Confluent Platform updates (including image upgrades) are made available on a quarterly cadence. The issues have been addressed at this point in time.
Pavel, Thank you for raising this issue. The CVEs have been addressed. We recommend using the latest release 5.5.11 http://packages.confluent.io/archive/5.5/confluent-5.5.11-2.12.zip
Thank you for the report. We are in the process of resolving this issue.