Upgrading kafka-clients to 3.2.3

Anoop Chitreddy

Sep 25, 2022, 7:40:12 PM
to WildFly
Hi, 

We are currently using wildfly-26.1.2.Final built using the wildfly feature pack. Recently we received a warning from our dependency check tool indicating that kafka-clients v3.1.0 is triggering a Medium severity CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-34917

Would we be safe to upgrade kafka-clients to version 3.2.3? I am asking this question because the module file for kafka-clients in wildfly is marking it as a private dependency:
------------------------------------------------------------------------------------------------------------------------
<module name="org.apache.kafka.client" xmlns="urn:jboss:module:1.9">
    <properties>
        <property name="jboss.api" value="private"/>
    </properties>

    <resources>
        <resource-root path="kafka-clients-3.1.0.jar"/>
    </resources>

    <dependencies>
        <module name="com.fasterxml.jackson.core.jackson-databind"/>
        <module name="java.management"/>
        <module name="java.security.jgss"/>
        <module name="java.security.sasl"/>
        <module name="org.slf4j"/>
    </dependencies>
</module>
------------------------------------------------------------------------------------------------------------------------ 

Appreciate your help.

Anoop 