From 11e7b005efff086c23552d9fe1cdb6f9ae423688 Mon Sep 17 00:00:00 2001
From: Linux User
Date: Mon, 30 Sep 2024 23:08:22 +0000
Subject: [PATCH] confluent-kafka GHSA-735f-pc8j-v9w8 advisory
---
 confluent-kafka.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/confluent-kafka.advisories.yaml b/confluent-kafka.advisories.yaml
index 81214a0e4..0ed23c00a 100644
--- a/confluent-kafka.advisories.yaml
+++ b/confluent-kafka.advisories.yaml
@@ -21,6 +21,10 @@ advisories:
 componentType: java-archive
 componentLocation: /usr/lib/kafka/libs/protobuf-java-3.23.4.jar
 scanner: grype
+ - timestamp: 2024-09-30T23:05:40Z
+ type: pending-upstream-fix
+ data:
+ note: 'Due to the nature of protobuf being a transitive dependency in the confluent-kafka project, which can be seen as the only reference to protobuf in the build.gradle file is moving the protobuf package within the shared JAR: https://github.com/confluentinc/kafka/blob/03095817ba4083115063a1df964d3a290406d167/build.gradle#L1855 We must wait for the dependency to be bumped upstream.'
 - id: CGA-rf22-c48h-w77h
 aliases:
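Review bot: The `note` on the added `pending-upstream-fix` event is a single run-on sentence whose middle clause ("which can be seen as the only reference to protobuf … is moving the protobuf package") does not parse, so the justification for deferring GHSA-735f-pc8j-v9w8 is hard to audit later. I would split it, e.g. `note: 'protobuf is a transitive dependency of confluent-kafka; the only reference in build.gradle relocates the package inside the shared JAR (<permalink>). We must wait for upstream to bump the dependency.'`, keeping the pinned permalink. The detection context just above points at a standalone `protobuf-java-3.23.4.jar` under `/usr/lib/kafka/libs/`, so it would also help to say which direct dependency pulls that jar in, if known, since a later reviewer needs that to tell when the event can be closed. The enclosing advisory entry begins above the hunk, so its id and aliases are not visible here.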