Security vulnerability in confluent-7.3.0

We are using confluent-7.3.0 dependency for schema registry. This brings in Apache commons-text v1.8 dependency that has security vulnerabilities: CVE-2022-42889, CVE-2022-33980. Is there a plan or timeline to fix the issue in the next version soon? This is fixed in commons-text v1.10.0.

Thanks,
Birva

This is a critical security fix that needs prioritizing! It looks like a pretty straightforward minor version bump is needed from commons-text v1.8 to commons-text v1.10.

How can I file a bug on confluent-7.3.0?