Vulnerabilities Fix

syedghouse14 · 5 November 2024 07:14

Hello Team,

We are using the confluentinc/cp-kafka-connect-base:7.7.1 image fort the elastic and couchbase connector .

We are seeing vulnerabilities with this version. let us know when the next release will be available for the use.

Attached SS of some of the vulnerabilities available in the image . Please check and let us know the tentative of next release.

Regards,
Syed Ghouse

mmuehlbeyer · 5 November 2024 10:11

Hi @syedghouse14

are you able to login to confluent support portal?

Best,
michael

eitan.fux · 27 November 2024 12:23

Hi,
We have the same vulnerability ( org.apache.avro:avro │ 1.11.3 │ [1.11.4] │ Maven │ CVE-2024-47561 ).
We use the same kafka-connect (7.7.1)
Is there a plan to fix this issue?

Thanks,
Eitan

mmuehlbeyer · 9 December 2024 21:48

@eitan.fux are you able to login to confluent support portal?

Topic		Replies	Views
Resolving CVE-2022-48566 and CVE-2023-40217 Kafka Connect	1	1242	29 October 2023
Is the kafka-connect docker image confluentinc/cp-kafka-connect-base:5.5.0 affected by the log4j vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228? Kafka Connect	2	3252	14 December 2021
Is cp-kafka-connect-base image still using confluent forked log4j v1.x? Self-Managed Connectors	1	1844	4 June 2023
Confluent-community-2.13 log4J vulnerability Kafka Connect	7	3330	2 March 2022
Resolving Security Vulnerability CVE-2023-41993 Kafka Connect	2	389	13 July 2024

Vulnerabilities Fix

Related topics