Confluent Platform 5.3.5 contains security fixes for the following open source packages:
pyyaml - CVE-2020-14343 (CVSS: 9.8)
The vulnerability is addressed in version 5.4 of pyyaml. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 5.4.1.
org.apache.activemq:activemq-client - CVE-2017-15709 (CVSS: 3.7)
The vulnerability is addressed in version 5.15.3 of activemq-client. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to 5.16.1.
org.apache.activemq:activemq-client - CVE-2018-11775 (CVSS: 6.1)
The vulnerability is addressed in version 5.15.6 of activemq-client. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 5.16.1.
org.apache.activemq:activemq-client - CVE-2018-8006 (CVSS: 6.1)
The vulnerability is addressed in version 5.15.5 of activemq-client. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 5.16.1.
org.apache.activemq:activemq-client - CVE-2019-0222 (CVSS: 7.5)
The vulnerability is addressed in version 5.15.9 of activemq-client. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 5.16.1.
org.apache.activemq:activemq-client - CVE-2020-13920 (CVSS: 5.9)
The vulnerability is addressed in version 5.15.12 of activemq-client. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 5.16.1.
org.apache.activemq:activemq-client - CVE-2020-13947 (CVSS: 6.1)
The vulnerability is addressed in version 5.16.0 of activemq-client. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 5.16.1.
org.apache.activemq:activemq-client - CVE-2020-1941 (CVSS: 6.1)
The vulnerability is addressed in version 5.15.12 of activemq-client. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 5.16.1.
commons-collections:commons-collections - CVE-2017-15708 (CVSS: 9.8)
The vulnerability is addressed in version 3.2.2 of commons-collections. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 3.2.2.
org.hibernate:hibernate-validator - CVE-2020-10693 (CVSS: 5.3)
The vulnerability is addressed in version 6.0.19.Final of hibernate-validator. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 6.1.7.Final.
commons-httpclient:commons-httpclient/org.apache.httpcomponents:httpclient - CVE-2020-13956 (CVSS: 5.3)
The vulnerability is addressed in version 4.5.13 of httpclient. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 4.5.13.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-25649 (CVSS: 7.5)
The vulnerability is addressed in version 2.9.10.7 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-24616 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.6 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-24750 (CVSS: 8.1)
The vulnerability is addressed in version 2.6.7.4 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-35490 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-35491 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-35728 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-36179 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-36180 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-36181 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-36182 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-36183 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-36184 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-36185 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-36186 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-36187 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-36188 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-36189 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.8 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2021-20190 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.7 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2019-16942 (CVSS: 9.8)
The vulnerability is addressed in versions 2.9.10.1, 2.8.11.5, 2.6.7.3 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2019-16943 (CVSS: 9.8)
The vulnerability is addressed in version 2.9.10.1, 2.8.11.5, 2.6.7.3 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2019-17531 (CVSS: 9.8)
The vulnerability is addressed in version 2.9.10.1 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2019-20330 (CVSS: 9.8)
The vulnerability is addressed in version 2.9.10.2 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-10672 (CVSS: 8.8)
The vulnerability is addressed in version 2.9.10.4 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-10673 (CVSS: 8.8)
The vulnerability is addressed in version 2.9.10.4 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-10968 (CVSS: 8.8)
The vulnerability is addressed in version 2.9.10.4 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-10969 (CVSS: 8.8)
The vulnerability is addressed in version 2.9.10.4 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-11111 (CVSS: 8.8)
The vulnerability is addressed in version 2.9.10.4 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-11112 (CVSS: 8.8)
The vulnerability is addressed in version 2.9.10.4 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-11113 (CVSS: 8.8)
The vulnerability is addressed in version 2.9.10.4 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-11619 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.4 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-11620 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.4 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-14060 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.5 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-14061 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.5 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-14062 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.5 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-14195 (CVSS: 8.1)
The vulnerability is addressed in version 2.9.10.5 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-8840 (CVSS: 9.8)
The vulnerability is addressed in version 2.9.10.3, 2.8.11.5, 2.7.9.7 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-9546 (CVSS: 9.8)
The vulnerability is addressed in version 2.9.10 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-9547 (CVSS: 9.8)
The vulnerability is addressed in version 2.9.10.4 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-9548 (CVSS: 9.8)
The vulnerability is addressed in version 2.9.10.4 of jackson-databind. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.10.5.1.
com.fasterxml.jackson.dataformat:jackson-dataformat-cbor - CVE-2020-28491 (CVSS: 7.5)
The vulnerability is addressed in version 2.11.4 of jackson-dataformat-cbor. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.11.4.
processor:jackson-mapper-asl - CVE-2019-10172 (CVSS: 7.5)
The vulnerability is addressed in version 1.9.14.jdk17-redhat-00001 of jackson-mapper-asl. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 1.9.14.jdk17-redhat-00001.
org.glassfish.jersey.core:jersey-common - CVE-2021-28168 (CVSS: 5.5)
The vulnerability is addressed in version 2.34 of jersey-common. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 2.34.
org.eclipse.jetty:jetty-io - CVE-2021-28165 (CVSS: 7.5)
The vulnerability is addressed in version 9.4.39 of jetty-io. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 9.4.40.v20210413.
org.eclipse.jetty:jetty-webapp - CVE-2020-27216 (CVSS: 7.0)
The vulnerability is addressed in version 9.4.33.v20201020 of jetty-io. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 9.4.40.v20210413.
org.eclipse.jetty:jetty-server - CVE-2020-27218 (CVSS: 4.8)
The vulnerability is addressed in version 9.4.35.v20201120 of jetty-io. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 9.4.40.v20210413.
org.eclipse.jetty:jetty-server - CVE-2020-27223 (CVSS: 5.3)
The vulnerability is addressed in version 9.4.37.v20210219 of jetty-io. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 9.4.40.v20210413.
org.eclipse.jetty:jetty-webapp - CVE-2021-28164 (CVSS: 5.3)
The vulnerability is addressed in version 9.4.39 of jetty-webapp. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 9.4.40.v20210413.
io.netty:netty-all - CVE-2021-21409 (CVSS: 5.9)
The vulnerability is addressed in version 4.1.61.Final of netty-all. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 4.1.63.Final.
io.netty:netty-all - CVE-2021-21295 (CVSS: 5.9)
The vulnerability is addressed in version 4.1.60.final of netty-all. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 4.1.63.Final.
io.netty:netty-all - CVE-2021-21290 (CVSS: 5.5)
The vulnerability is addressed in version 4.1.59.final of netty-all. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 4.1.63.Final.
io.netty:netty - CVE-2019-20444 (CVSS: 9.1)
The vulnerability is addressed in version 4.1.44.Final of netty-all. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 4.1.63.final.
io.netty_netty - CVE-2019-16869 (CVSS: 7.5)
The vulnerability is addressed in version 4.1.42.final of netty-all. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 4.1.63.final.
io.netty:netty-codec - CVE-2020-11612 (CVSS: 7.5)
The vulnerability is addressed in version 4.1.46.final of netty-codec. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 4.1.63.final.
io.netty:netty-codec-http - CVE-2019-20445 (CVSS: 9.1)
The vulnerability is addressed in version 4.1.44.final of netty-codec. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 4.1.63.final.
org.postgresql:postgresql - CVE-2020-13692 (CVSS: 8.2)
The vulnerability is addressed in version 42.2.13 of postgresql. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to version 42.2.19.
org.yaml:snakeyaml - CVE-2017-18640 (CVSS: 7.5)
The vulnerability is addressed in version 1.26 of snakeyaml. Confluent Platform has resolved this CVE in release 5.3.5 by upgrading to versions 1.26.