Confluentinc/cp-kafka-connect:7.8.1 sysdig security scan vulnerabilities found, when to expect the fix?

alen · 12 February 2025 10:26

Dear Confluent Community Support Team,

When scan docker container image confluentinc/cp-kafka-connect:7.8.1 with sysdig security scan tool (https://sysdig.com/) i see below vulnerabilities identified.

When do you think you could release a fix for below vulnerabilities please?

org.apache.mina:mina-core 2.2.3
/usr/share/java/rest-utils/mina-core-2.2.3.jar
java
v2.2.4 suggested fix

org.apache.mina:mina-core 2.2.3
/usr/share/java/acl/acl-7.8.1.jar
java
v2.2.4 suggested fix
Jinja2 3.1.4
/usr/local/lib/python3.9/site-packages/jinja2-3.1.4.dist-info/METADATA
python
v3.1.5 suggested fix

libxml2 2.9.7-18.el8_10.1
/var/lib/rpm/Packages
OS
net.minidev:json-smart 2.5.0
/usr/share/java/kafka-serde-tools/json-smart-2.5.0.jar
java
org.asynchttpclient:async-http-client 2.12.3
/usr/share/java/confluent-control-center/telemetry-client-3.1518.0.jar
java
v2.12.4 suggested fix
org.asynchttpclient:async-http-client 2.12.3
/usr/share/java/acl/acl-7.8.1.jar
java
v2.12.4 suggested fix
org.asynchttpclient:async-http-client 2.12.3
/usr/share/java/confluent-telemetry/confluent-metrics-7.8.1-ce.jar
java
v2.12.4 suggested fix
krb5-libs 1.18.2-30.el8_10
/var/lib/rpm/Packages
OS

Topic		Replies	Views
Is the kafka-connect docker image confluentinc/cp-kafka-connect-base:5.5.0 affected by the log4j vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228? Kafka Connect	2	3256	14 December 2021
Vulnerabilities Fix Kafka Connect	4	78	8 January 2025
Resolving CVE-2022-48566 and CVE-2023-40217 Kafka Connect	1	1248	29 October 2023
Resolving Security Vulnerability CVE-2023-41993 Kafka Connect	2	424	13 July 2024
Security vulnerabilities in confluent-6.2.4.tar.gz ksqlDB	8	3459	10 June 2022

Confluentinc/cp-kafka-connect:7.8.1 sysdig security scan vulnerabilities found, when to expect the fix?

Related topics