io.confluent:kafka-json-schema-serializer:7.5.1 includes 3 party library with critical vulnerability #2960
Comments
@maciejadamski0 |
@janjwerner-confluent |
@maciejadamski0 |
Hi @janjwerner-confluent
I will try this action and let you know if it helped in our case.
@maciejadamski0 |
Hi,
The library that contains serializers/deserializers for JSON schema contains a critical vulnerability. We tried to exclude it from the packages, but then sending messages on Kafka does not work.
--[io.confluent:kafka-json-schema-provider:7.5.1]
---[com.kjetland:mbknor-jackson-jsonschema_2.13:1.0.39]
----[org.scala-lang:scala-library:2.13.1]
com.kjetland:mbknor-jackson-jsonschema has not published a newer version since 2020.
People reported errors and created merge requests to correct these problems, but the author did not respond. It looks like the library is simply no longer supported.
Are you able to replace this particular library with a newer solution that has support and does not contain critical vulnerabilities?