Upgrade kafka-clients from 3.5.0 to 3.7.0 fixing snappy vulnerabilities #267

vietj · 2024-05-21T07:39:41Z

The kafka-clients upgrade indirectly upgrades snappy-java from 1.1.10.0 to 1.1.10.5 fixing these snappy-java vulnerablities:

kafka-clients 3.7.0 requires to bump the test dependency debezium from 2.1.4.Final to 2.6.1.Final.

…es (#265) The kafka-clients upgrade indirectly upgrades snappy-java from 1.1.10.0 to 1.1.10.5 fixing these snappy-java vulnerablities: * https://nvd.nist.gov/vuln/detail/CVE-2023-34453 * https://nvd.nist.gov/vuln/detail/CVE-2023-34454 * https://nvd.nist.gov/vuln/detail/CVE-2023-34455 * https://nvd.nist.gov/vuln/detail/CVE-2023-43642 kafka-clients 3.7.0 requires to bump the test dependency debezium from 2.1.4.Final to 2.6.1.Final.

vietj force-pushed the ppatierno-upgrade-kafka branch from 9cb1ada to 26d038b Compare May 21, 2024 07:52

Use toolchain to compile to 8 but run tests with 17

03f8528

vietj force-pushed the ppatierno-upgrade-kafka branch from 26d038b to 03f8528 Compare May 21, 2024 07:54

vietj added this to the 4.5.8 milestone May 21, 2024

vietj merged commit 4a71b67 into 4.x May 21, 2024
4 checks passed

vietj deleted the ppatierno-upgrade-kafka branch May 21, 2024 08:04

vietj mentioned this pull request May 21, 2024

Upgrade Kafka 3.7.0 #266

Closed

Provide feedback