Security vulnerability in confluent-7.3.0

csr · 10 November 2022 01:25

We are using confluent-7.3.0 dependency for schema registry. This brings in apache commons-text v1.8 dependency that has security vulnerabilities: CVE-2022-42889, CVE-2022-33980. Is there a plan or timeline to fix the issue in the next version soon? this is fixed in commons-text v1.10.0.

Thanks,
Birva

mcfarlp · 21 November 2022 18:23

This is a critical security fix that needs prioritizing! It looks like a pretty straightforward minor version bump is needed from commons-text v1.8 to commons-text v1.10.

How can I file a bug on confluent-7.3.0?

Topic		Replies	Views
Security vulnerabilities in confluent-6.2.4.tar.gz ksqlDB	8	3498	10 June 2022
Vulnerabilities related to schema registry in 7.2.1 & 7.3.0 Schema Registry	2	2798	24 January 2023
Confluentinc/cp-kafka-connect:7.8.1 sysdig security scan vulnerabilities found, when to expect the fix? Kafka Connect	1	54	14 March 2025
Vulnerabilities Fix Kafka Connect	4	237	8 January 2025
Vulnerabilities in latest docker image of confluentinc/cp-schema-registry:7.2.0 Schema Registry	0	3091	20 July 2022

Security vulnerability in confluent-7.3.0

Related topics