[ https://issues.apache.org/jira/browse/KAFKA-17437?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17877354#comment-17877354 ]
Viktor Somogyi-Vass commented on KAFKA-17437:
---------------------------------------------

[~gira1] I created a PR for you. Usually these changes are quite straightforward if you want to do it next time :)

> Upgrade commons-validator from 1.7 to 1.9.0
> -------------------------------------------
>
>                 Key: KAFKA-17437
>                 URL: https://issues.apache.org/jira/browse/KAFKA-17437
>             Project: Kafka
>          Issue Type: Improvement
>          Components: connect, core
>    Affects Versions: 4.0.0
>            Reporter: Hans Schuell
>            Assignee: Viktor Somogyi-Vass
>            Priority: Minor
>
> We are using Apache Kafka Connect in a critical environment, where our
> application security engineers control the used software (BOMs). The actual
> Kafka version (3.8.0) depends on {{commons-validator:commons-validator:1.7}},
> which has vulnerabilities listed
> [here|https://mvnrepository.com/artifact/commons-validator/commons-validator/1.7].
> I know, that this CVE doesn't apply to Kafka, because it is related to unit
> testing, but it should not be so difficult to upgrade commons-validator from
> 1.7 to 1.9.0. I have changed the version in dependencies.gradle to 1.9.0 and
> at least the build worked without any problems.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)