Hans Schuell created KAFKA-17437:
------------------------------------

             Summary: Upgrade commons-validator from 1.7 to 1.9.0
                 Key: KAFKA-17437
                 URL: https://issues.apache.org/jira/browse/KAFKA-17437
             Project: Kafka
          Issue Type: Improvement
          Components: connect, core
    Affects Versions: 3.8.0
            Reporter: Hans Schuell

We are using Apache Kafka Connect in a critical environment, where our application security engineers control the used software (BOMs).

The actual Kafka version (3.8.0) depends on {{commons-validator:commons-validator:1.7}}, which has vulnerabilities listed [here|https://mvnrepository.com/artifact/commons-validator/commons-validator/1.7].

I know that this CVE doesn't apply to Kafka, because it is related to unit testing, but it should not be so difficult to upgrade commons-validator from 1.7 to 1.9.0.

I have changed the version in dependencies.gradle to 1.9.0 and at least the build worked without any problems.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)