How to handle Confluent CVEs?

Hey folks,
Can you please share your suggestions and ideas about how to address Confluent Kafka CVEs on each version?
Do I need to take any action on them?


Do you mean NVD - CVE-2021-38153? You can upgrade to 2.8.1 or 3.0.0.
If you are using Spring, and specifically the related Kafka-test, you have to wait a bit for the next release. See Releases · spring-projects/spring-kafka · GitHub (main branch is already updated to 2.8.1).

1 Like

Sorry for the delayed response.
I am asking in general, usually when Confluent publish the CVE’s list for each version, we should wait until next release or upgrade to next release. But due to the constraints that we have, we cannot immediately proceed to next upgrade. So how to handle this situation.


Are you already a Confluent customer? This is something that you could raise a support ticket to discuss directly.

yes we do.
Let me check with them.

Thank you.