Confluent Platform 5.5.7 contains security fixes for the following open source packages:
CVE |
CVSS |
Vulnerable Package Version |
Upgraded Package Version |
7.5 |
io.netty:netty-codec < 4.1.68.Final |
io.netty:netty-codec:4.1.68.Final and 4.1.69.Final |
|
7.5 |
io.netty:netty-codec < 4.1.68.Final |
io.netty:netty-codec:4.1.68.Final and 4.1.69.Final |
|
5.3 |
jakarta.el:jakarta.el-api < 3.0.4 |
jakarta.el:jakarta.el-api:4.0.0 |
This patch release version of CP is not impacted by CVE-2021-44228. In regards to CVE-2021-4104, please refer to this link for additional information about log4j1.