Confluent Platform 6.0.2 contains security fixes for the following open source packages:
urllib3 - CVE-2020-26137 (CVSS: 6.5).
The vulnerability is addressed in version 1.25.9 of urllib3. Confluent Platform has resolved this CVE in release 6.0.2 by upgrading to version 1.26.3.
cryptography - CVE-2020-1971 (CVSS: 5.9).
The vulnerability is addressed in version 3.3.1.8 of cryptography. Confluent Platform has resolved this CVE in release 6.0.2 by upgrading to version 3.4.6.
cryptography - CVE-2020-36242 (CVSS: 9.1).
The vulnerability is addressed in version 3.3.2 of cryptography. Confluent Platform has resolved this CVE in release 6.0.2 by upgrading to version 3.4.6.
pyyaml - CVE-2020-14343 (CVSS: 9.8).
The vulnerability is addressed in version 5.4 of pyyaml. Confluent Platform has resolved this CVE in release 6.0.2 by upgrading to version 5.4.1.
jinja2 - CVE-2020-28493 (CVSS: 5.3).
The vulnerability is addressed in version 2.11.3 of jinja2. Confluent Platform has resolved this CVE in release 6.0.2 by upgrading to version 2.11.3.
org.eclipse.jetty:jetty-webapp - CVE-2020-27216 (CVSS: 7).
Confluent Platform has resolved this CVE in release 6.0.2 by following the recommended CVE mitigation.
kotlin-stdlib:kotlin-stdlib - CVE-2020-29582 (CVSS: 5.3).
The vulnerability is addressed in version 1.4.21 of kotlin-stdlib. Confluent Platform has resolved this CVE in release 6.0.2 by upgrading to version 1.4.21.
com.google.guava:guava - CVE-2018-10237 (CVSS: 5.9).
The vulnerability is addressed in version 24.1.1 of com.google.guava:guava. Confluent Platform has resolved this CVE in release 6.0.2 by upgrading to versions 24.1.1 and 28.1-jre.