Hi Kafka experts: I figure out that the guava and rocksdbjni used by Kafka of the the latest version 2.4.1, relates with several CVEs.
The CVE for guava 20 is CVE-2018-10237, and the CVEs for rocksdbjni compiled with bzip2 1.0.6 is CVE-2016-3189 and CVE-2019-12900. Is Kafka affected by these CVEs? Is there any plan to upgrade the version of guava and rocksdbjni? Sincerely look forward to your reply. BRs
