Strimzi
has Strimzi delivered a version including JSON-java with the fix for CVE-2023-5072 #10816
Unanswered
secureaniruddha
asked this question in
Q&A
Replies: 2 comments
-
|
From where are you getting that the Strimzi operator or Apache kafka are affected by this CVE? Please provide more information about your finding. It's a pretty old CVE. |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
I do not think we ever did anything knowingly to address this vulnerability. It is not even clear what library it affects and where is it used. If you wanna know that for sure, you should scan the Strimzi releases (e.g. the container images or the pom.xml files) to see what versions were affected or not. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi All,
Has Strimzi integrated a fixed version of JSON-java to address the CVE-2023-5072 vulnerability? If so, could you please provide the specific versions of Strimzi and Kafka that include this fix? If not, is there a timeline for a release that includes this fix?
Beta Was this translation helpful? Give feedback.
All reactions