strimzi-kafka-operator/0.49.1-r2: fix GHSA-3677-xxcr-wjqv

f957904
Closed

strimzi-kafka-operator/0.49.1-r2: cve remediation #77379

Octo STS / ci-cve-scan-db failed Jan 7, 2026 in 26s

CVE scan report (mode: must-fix)

CVE Scan Results (mode: must-fix)

⚠️ Must-Fix CVEs Found

The following CVEs were marked as must-fix in the PR body:

  • GHSA-3677-xxcr-wjqv (found in: aarch64/strimzi-kafka-operator-kafka-thirdparty-libs-cc-0.49.1-r3.apk, x86_64/strimzi-kafka-operator-kafka-thirdparty-libs-cc-0.49.1-r3.apk)

This check will fail until these CVEs are resolved.

aarch64/kafka-strimzi-compat-0.49.1-r3.apk

✅ No vulnerabilities found

aarch64/kafka_exporter-strimzi-compat-0.49.1-r3.apk

✅ No vulnerabilities found

aarch64/prometheus-jmx-exporter-strimzi-compat-0.49.1-r3.apk

✅ No vulnerabilities found

aarch64/strimzi-kafka-operator-0.49.1-r3.apk

✅ No vulnerabilities found

aarch64/strimzi-kafka-operator-cluster-operator-0.49.1-r3.apk

└── 📄 /opt/strimzi/lib/io.netty.netty-codec-http-4.2.7.Final.jar
        📦 netty-codec-http 4.2.7.Final (java-archive)
            Medium CVE-2025-67735 GHSA-84h7-rjj3-6jx4 fixed in 4.2.8.Final
                📝 CGA-7r9r-h7gm-x76x: set to detection 21 days ago @ 2025-12-16T15:47:42Z

aarch64/strimzi-kafka-operator-kafka-agent-0.49.1-r3.apk

└── 📄 /opt/strimzi/lib/io.netty.netty-codec-http-4.2.7.Final.jar
        📦 netty-codec-http 4.2.7.Final (java-archive)
            Medium CVE-2025-67735 GHSA-84h7-rjj3-6jx4 fixed in 4.2.8.Final
                📝 CGA-34jv-x47j-9v9x: set to detection 21 days ago @ 2025-12-16T15:47:41Z

aarch64/strimzi-kafka-operator-kafka-base-0.49.1-r3.apk

✅ No vulnerabilities found

aarch64/strimzi-kafka-operator-kafka-init-0.49.1-r3.apk

└── 📄 /opt/strimzi/lib/io.netty.netty-codec-http-4.2.7.Final.jar
        📦 netty-codec-http 4.2.7.Final (java-archive)
            Medium CVE-2025-67735 GHSA-84h7-rjj3-6jx4 fixed in 4.2.8.Final
                📝 CGA-g8w8-gc6r-2p97: set to detection 20 days ago @ 2025-12-17T23:23:31Z

aarch64/strimzi-kafka-operator-kafka-thirdparty-libs-0.49.1-r3.apk

✅ No vulnerabilities found

aarch64/strimzi-kafka-operator-kafka-thirdparty-libs-cc-0.49.1-r3.apk

├── 📄 /opt/cruise-control/libs/jetty-http-9.4.56.v20240826.jar
│       📦 jetty-http 9.4.56.v20240826 (java-archive)
│           Medium CVE-2024-6763 GHSA-qh8g-58pp-2wxh fixed in 12.0.12
│               📝 CGA-rh43-38gx-grqm: set to detection 61 days ago @ 2025-11-07T09:35:07Z
└── 📄 /opt/cruise-control/libs/jose4j-0.9.5.jar
        📦 jose4j 0.9.5 (java-archive)
            High CVE-2024-29371 GHSA-3677-xxcr-wjqv fixed in 0.9.6
                📝 CGA-w6q6-cvv6-842f: set to detection 0 days ago @ 2026-01-07T11:05:48Z

aarch64/strimzi-kafka-operator-topic-operator-0.49.1-r3.apk

└── 📄 /opt/strimzi/lib/io.netty.netty-codec-http-4.2.7.Final.jar
        📦 netty-codec-http 4.2.7.Final (java-archive)
            Medium CVE-2025-67735 GHSA-84h7-rjj3-6jx4 fixed in 4.2.8.Final
                📝 CGA-pqh9-9r3h-6xw8: set to detection 21 days ago @ 2025-12-17T11:06:30Z

aarch64/strimzi-kafka-operator-tracing-agent-0.49.1-r3.apk

└── 📄 /opt/strimzi/lib/io.netty.netty-codec-http-4.2.7.Final.jar
        📦 netty-codec-http 4.2.7.Final (java-archive)
            Medium CVE-2025-67735 GHSA-84h7-rjj3-6jx4 fixed in 4.2.8.Final
                📝 CGA-vxxj-6w44-gm25: set to detection 20 days ago @ 2025-12-17T23:23:31Z

aarch64/strimzi-kafka-operator-user-operator-0.49.1-r3.apk

└── 📄 /opt/strimzi/lib/io.netty.netty-codec-http-4.2.7.Final.jar
        📦 netty-codec-http 4.2.7.Final (java-archive)
            Medium CVE-2025-67735 GHSA-84h7-rjj3-6jx4 fixed in 4.2.8.Final
                📝 CGA-7558-8ccq-qqjx: set to detection 20 days ago @ 2025-12-17T23:23:46Z

x86_64/kafka-strimzi-compat-0.49.1-r3.apk

✅ No vulnerabilities found

x86_64/kafka_exporter-strimzi-compat-0.49.1-r3.apk

✅ No vulnerabilities found

x86_64/prometheus-jmx-exporter-strimzi-compat-0.49.1-r3.apk

✅ No vulnerabilities found

x86_64/strimzi-kafka-operator-0.49.1-r3.apk

✅ No vulnerabilities found

x86_64/strimzi-kafka-operator-cluster-operator-0.49.1-r3.apk

└── 📄 /opt/strimzi/lib/io.netty.netty-codec-http-4.2.7.Final.jar
        📦 netty-codec-http 4.2.7.Final (java-archive)
            Medium CVE-2025-67735 GHSA-84h7-rjj3-6jx4 fixed in 4.2.8.Final
                📝 CGA-8vrp-f43g-cc68: set to detection 21 days ago @ 2025-12-16T15:47:41Z

x86_64/strimzi-kafka-operator-kafka-agent-0.49.1-r3.apk

└── 📄 /opt/strimzi/lib/io.netty.netty-codec-http-4.2.7.Final.jar
        📦 netty-codec-http 4.2.7.Final (java-archive)
            Medium CVE-2025-67735 GHSA-84h7-rjj3-6jx4 fixed in 4.2.8.Final
                📝 CGA-78cm-fp3p-qgp4: set to detection 20 days ago @ 2025-12-17T23:23:31Z

x86_64/strimzi-kafka-operator-kafka-base-0.49.1-r3.apk

✅ No vulnerabilities found

x86_64/strimzi-kafka-operator-kafka-init-0.49.1-r3.apk

└── 📄 /opt/strimzi/lib/io.netty.netty-codec-http-4.2.7.Final.jar
        📦 netty-codec-http 4.2.7.Final (java-archive)
            Medium CVE-2025-67735 GHSA-84h7-rjj3-6jx4 fixed in 4.2.8.Final
                📝 CGA-cj64-w6fx-m5j3: set to detection 20 days ago @ 2025-12-18T11:08:36Z

x86_64/strimzi-kafka-operator-kafka-thirdparty-libs-0.49.1-r3.apk

✅ No vulnerabilities found

x86_64/strimzi-kafka-operator-kafka-thirdparty-libs-cc-0.49.1-r3.apk

├── 📄 /opt/cruise-control/libs/jetty-http-9.4.56.v20240826.jar
│       📦 jetty-http 9.4.56.v20240826 (java-archive)
│           Medium CVE-2024-6763 GHSA-qh8g-58pp-2wxh fixed in 12.0.12
│               📝 CGA-6h2v-pjch-9rr8: set to detection 62 days ago @ 2025-11-06T01:37:40Z
└── 📄 /opt/cruise-control/libs/jose4j-0.9.5.jar
        📦 jose4j 0.9.5 (java-archive)
            High CVE-2024-29371 GHSA-3677-xxcr-wjqv fixed in 0.9.6
                📝 CGA-rrw2-vg7h-vhx5: set to detection 0 days ago @ 2026-01-07T11:05:09Z

x86_64/strimzi-kafka-operator-topic-operator-0.49.1-r3.apk

└── 📄 /opt/strimzi/lib/io.netty.netty-codec-http-4.2.7.Final.jar
        📦 netty-codec-http 4.2.7.Final (java-archive)
            Medium CVE-2025-67735 GHSA-84h7-rjj3-6jx4 fixed in 4.2.8.Final
                📝 CGA-m3cq-q83m-6g28: set to detection 20 days ago @ 2025-12-17T23:23:31Z

x86_64/strimzi-kafka-operator-tracing-agent-0.49.1-r3.apk

└── 📄 /opt/strimzi/lib/io.netty.netty-codec-http-4.2.7.Final.jar
        📦 netty-codec-http 4.2.7.Final (java-archive)
            Medium CVE-2025-67735 GHSA-84h7-rjj3-6jx4 fixed in 4.2.8.Final
                📝 CGA-wm68-p8g7-w85f: set to detection 21 days ago @ 2025-12-16T15:47:42Z

x86_64/strimzi-kafka-operator-user-operator-0.49.1-r3.apk

└── 📄 /opt/strimzi/lib/io.netty.netty-codec-http-4.2.7.Final.jar
        📦 netty-codec-http 4.2.7.Final (java-archive)
            Medium CVE-2025-67735 GHSA-84h7-rjj3-6jx4 fixed in 4.2.8.Final
                📝 CGA-7grx-8mfh-pw5r: set to detection 20 days ago @ 2025-12-17T23:23:43Z