Vulnerabilities Fix

syedghouse14 · 5 November 2024 07:14

Hello Team,

We are using the confluentinc/cp-kafka-connect-base:7.7.1 image fort the elastic and couchbase connector .

We are seeing vulnerabilities with this version. let us know when the next release will be available for the use.

Attached SS of some of the vulnerabilities available in the image . Please check and let us know the tentative of next release.

Regards,
Syed Ghouse

mmuehlbeyer · 5 November 2024 10:11

Hi @syedghouse14

are you able to login to confluent support portal?

Best,
michael

eitan.fux · 27 November 2024 12:23

Hi,
We have the same vulnerability ( org.apache.avro:avro │ 1.11.3 │ [1.11.4] │ Maven │ CVE-2024-47561 ).
We use the same kafka-connect (7.7.1)
Is there a plan to fix this issue?

Thanks,
Eitan

mmuehlbeyer · 9 December 2024 21:48

@eitan.fux are you able to login to confluent support portal?

system · 8 January 2025 21:48

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Resolving CVE-2022-48566 and CVE-2023-40217 Kafka Connect	1	1247	29 October 2023
Is the kafka-connect docker image confluentinc/cp-kafka-connect-base:5.5.0 affected by the log4j vulnerability https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228? Kafka Connect	2	3255	14 December 2021
Is cp-kafka-connect-base image still using confluent forked log4j v1.x? Self-Managed Connectors	1	1845	4 June 2023
Confluent-community-2.13 log4J vulnerability Kafka Connect	7	3333	2 March 2022
Resolving Security Vulnerability CVE-2023-41993 Kafka Connect	2	407	13 July 2024

Vulnerabilities Fix

Related topics