Confluent Platform 5.2.5 contains security fixes for the following open source packages:
jinja2 - CVE-2019-10906 (CVSS: 8.6)
The vulnerability is addressed in version 2.10.1 of jinja2. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 2.11.2.
requests - CVE-2018-18074 (CVSS: 7.5)
The vulnerability is addressed in version 2.20 of requests. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 2.20.
pip - CVE-2019-20916 (CVSS: 7.5)
The vulnerability is addressed in version 19.2 of pip. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 20.3.4.
pyyaml - CVE-2017-18342 (CVSS: 9.8)
The vulnerability is addressed in version 5.1.2 of pyyaml. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 5.4.1.
pyyaml - CVE-2020-14343 (CVSS: 9.8)
The vulnerability is addressed in version 5.4 of pyyaml. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 5.4.1.
org.apache.activemq:activemq-client - CVE-2017-15709 (CVSS: 3.7)
The vulnerability is addressed in version 5.15.3 of activemq-client. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 5.16.1.
org.apache.activemq:activemq-client - CVE-2018-11775 (CVSS: 6.1)
The vulnerability is addressed in version 5.15.6 of activemq-client. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 5.16.1.
org.apache.activemq:activemq-client - CVE-2018-8006 (CVSS: 6.1)
The vulnerability is addressed in version 5.15.5 of activemq-client. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 5.16.1.
org.apache.activemq:activemq-client - CVE-2019-0222 (CVSS: 7.5)
The vulnerability is addressed in version 5.15.9 of activemq-client. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 5.16.1.
org.apache.activemq:activemq-client - CVE-2020-13920 (CVSS: 5.9)
The vulnerability is addressed in version 5.15.12 of activemq-client. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 5.16.1.
org.apache.activemq:activemq-client - CVE-2020-13947 (CVSS: 6.1)
The vulnerability is addressed in version 5.16.0 of activemq-client. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 5.16.1.
org.apache.activemq:activemq-client - CVE-2020-1941 (CVSS: 6.1)
The vulnerability is addressed in version 5.15.12 of activemq-client. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 5.16.1.
commons-beanutils:commons-beanutils - CVE-2019-10086 (CVSS: 7.3)
The vulnerability is addressed in version 1.9.4 of commons-beanutils. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 1.9.4.
commons-httpclient:commons-httpclient/org.apache.httpcomponents:httpclient - CVE-2020-13956 (CVSS: 5.3)
The vulnerability is addressed in version 4.5.13 of httpclient. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 4.5.13.
com.fasterxml.jackson.core:jackson-databind - CVE-2019-16942 (CVSS: 9.8)
The vulnerability is addressed in versions 2.9.10.1, 2.8.11.5, 2.6.7.3 of jackson-databind. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 2.9.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2019-16943 (CVSS: 9.8)
The vulnerability is addressed in versions 2.9.10.1, 2.8.11.5, 2.6.7.3 of jackson-databind. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 2.9.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2019-17531 (CVSS: 9.8)
The vulnerability is addressed in version 2.9.10.1 of jackson-databind. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 2.9.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2019-20330 (CVSS: 9.8)
The vulnerability is addressed in version 2.9.10.2 of jackson-databind. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 2.9.10.5.1.
com.fasterxml.jackson.core:jackson-databind - CVE-2020-8840 (CVSS: 9.8)
The vulnerability is addressed in versions 2.9.10.3, 2.8.11.5, 2.7.9.7 of jackson-databind. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 2.9.10.5.1.
processor:jackson-mapper-asl - CVE-2019-10172 (CVSS: 7.5)
The vulnerability is addressed in version 1.9.14.jdk17-redhat-00001 of jackson-mapper-asl. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 1.9.14.jdk17-redhat-00001.
org.glassfish.jersey.core:jersey-common - CVE-2021-28168 (CVSS: 5.5)
The vulnerability is addressed in version 2.34 of jersey-common. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 2.34.
org.eclipse.jetty:jetty-io - CVE-2019-10241 (CVSS: 6.1)
The vulnerability is addressed in version 9.4.16.v20190411 of jetty-io. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 9.4.40.v20210413/9.4.39.v20210325.
org.eclipse.jetty:jetty-webapp - CVE-2020-27216 (CVSS: 7.0)
The vulnerability is addressed in version 9.4.33.v20201020 of jetty-io. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 9.4.40.v20210413/9.4.39.v20210325.
org.eclipse.jetty:jetty-server - CVE-2020-27218 (CVSS: 4.8)
The vulnerability is addressed in version 9.4.35.v20201120 of jetty-io. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 9.4.40.v20210413/9.4.39.v20210325.
org.eclipse.jetty:jetty-server - CVE-2020-27223 (CVSS: 5.3)
The vulnerability is addressed in version 9.4.37.v20210219 of jetty-io. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 9.4.40.v20210413/9.4.39.v20210325.
org.eclipse.jetty:jetty-webapp - CVE-2021-28164 (CVSS: 5.3)
The vulnerability is addressed in version 9.4.39 of jetty-webapp. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 9.4.40.v20210413/9.4.39.v20210325.
org.apache.thrift:libthrift - CVE-2016-5397 (CVSS: 8.8)
The vulnerability is addressed in version 0.11.0 of libthrift. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 0.13.0.
io.netty:netty-codec-http2 - CVE-2021-21295 (CVSS: 5.9)
The vulnerability is addressed in version 4.1.60.final of netty-http2. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 4.1.63.Final.
io.netty:netty-codec-http - CVE-2019-20445 (CVSS: 9.1)
The vulnerability is addressed in version 4.1.44.final of netty-codec. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 4.1.63.Final.
io.netty:netty-codec - CVE-2020-11612 (CVSS: 7.5)
The vulnerability is addressed in version 4.1.46.final of netty-codec. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 4.1.48.Final.
org.postgresql:postgresql - CVE-2020-13692 (CVSS: 8.2)
The vulnerability is addressed in version 42.2.13 of postgresql. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 42.2.19.
org.yaml:snakeyaml - CVE-2017-18640 (CVSS: 7.5)
The vulnerability is addressed in version 1.26 of snakeyaml. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to version 1.26.
org.apache.zookeeper:zookeeper - CVE-2019-0201 (CVSS: 5.9)
The vulnerability is addressed in version 3.4.14 of zookeeper. Confluent Platform has resolved this CVE in release 5.2.5 by upgrading to versions 3.4.14, 3.5.9.