Confluent Platform 7.0.1 contains security fixes for the following open source packages:
CVE |
CVSS |
Vulnerable Package Version |
Upgraded Package Version |
9.8 (Redhat scoring as NVD scoring is not available) |
Org.apache.logging.log4j:log4j-api < 2.15.0 (v2)
Org.apache.logging.log4j:log4j-core < 2.15.0 (v2)
Log4j v1.x is not directly impacted at this time, and is under active investigation. |
Log4jv2 JARs have been removed from this release version | |
7.5 |
io.netty:netty-codec < 4.1.68.Final |
io.netty:netty-codec:4.1.68.Final |
|
7.5 |
io.netty:netty-codec < 4.1.68.Final |
io.netty:netty-codec:4.1.68.Final |
|
5.3 |
jakarta.el:jakarta.el-api < 3.0.4 |
jakarta.el:jakarta.el-api:4.0.0 |