Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update Kafka to 3.4.1 #2705

Closed
rhanton opened this issue Jun 13, 2023 · 2 comments
Closed

Update Kafka to 3.4.1 #2705

rhanton opened this issue Jun 13, 2023 · 2 comments
Labels
status: invalid

Comments

@rhanton
Copy link

rhanton commented Jun 13, 2023
edited
Loading

In what version(s) of Spring for Apache Kafka are you seeing this issue?

3.0.7

Describe the bug

Currently included kafka version 3.4.0 is popping up in our dependency scanning tool due to https://nvd.nist.gov/vuln/detail/CVE-2022-36944 issue with Scala which was remedied (just in case) by Kafka in https://issues.apache.org/jira/browse/KAFKA-14988 as part of the v3.4.1 release. I realize this is likely not any particular issue for spring-kafka, but would appreciate the patch-bump if possible in a future release.
@rhanton
Copy link
Author

rhanton commented Jun 13, 2023

Realizing this project's baseline is just 3.3.2 right now and the proper place to fix is spring-boot's override. This was already done by spring-projects/spring-boot#35840

Closing ticket.

@rhanton rhanton closed this as completed Jun 13, 2023
@garyrussell
Copy link
Contributor

Yes, I already tested that all is ok with 3.4.1 before Boot did the upgrade.

Thanks anyway.

@garyrussell garyrussell closed this as not planned Won't fix, can't repro, duplicate, stale Jun 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: invalid
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@garyrussell @rhanton