[ 
https://issues.apache.org/jira/browse/KAFKA-14923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17714463#comment-17714463
 ] 

Vikash Mishra commented on KAFKA-14923:
---------------------------------------

 [Mickael Maison|https://cwiki.apache.org/confluence/display/~mickael.maison] 
3.5.0 is the upcoming release & most likely 3.5.0 would be impacted by the same CVE 
unless we are already upgrading the netty version in it.
Thanks

> Upgrade io.netty_netty-codec for CVE-2022-41881
> -----------------------------------------------
>
>                 Key: KAFKA-14923
>                 URL: https://issues.apache.org/jira/browse/KAFKA-14923
>             Project: Kafka
>          Issue Type: Task
>    Affects Versions: 3.4.0, 3.3.2
>            Reporter: Vikash Mishra
>            Priority: Critical
>
> The currently used io.netty_netty-codec version 4.1.78 has a high severity CVE: 
> [NVD - CVE-2022-41881 
> (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2022-41881]
> The fix was patched in version 4.1.86.Final. As we have a higher stable version, 
> 4.1.91.Final, available, we should upgrade to the same to fix the mentioned CVE.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
