CPC Gateway v1.1.1
CPC Gateway patch release version 1.1.1 addresses security hygiene improvements across CPC Gateway components through upgrades to third-party dependencies.
Security Vulnerabilities
CPC Gateway 1.1.1 did not include any upgrades related to exploitable security vulnerabilities.
Resolved security hygiene issues in third-party dependencies
The following package upgrades relate to vulnerabilities present in open-source packages that CPC Gateway depends on. They are included as part of security hygiene. At this time, no exploitable vector has been identified for any of the CVEs in the following table.
| CVE | CVSS | Impacted Package Version | Upgraded Package Version |
|---|---|---|---|
|  | 10 | stdlib < v1.25.4 | stdlib = 1.26.0 |
|  | 7.5 | stdlib < v1.25.4 | stdlib = 1.26.0 |
|  | 7.5 | stdlib < v1.25.4 | stdlib = 1.26.0 |
|  | 7.5 | org.lz4:lz4-java < 1.8.0 | at.yawk.lz4:lz4-java = 1.10.1 |
|  | 6.5 | org.lz4:lz4-java < 1.8.0 | at.yawk.lz4:lz4-java = 1.10.1 |
|  | 6.5 | stdlib < v1.25.4 | stdlib = 1.26.0 |
|  | 6.5 | stdlib < v1.25.4 | stdlib = 1.26.0 |
|  | 6.5 | io.netty:netty-codec-http < 4.1.128.Final | io.netty:netty-codec-http = 4.1.130.Final |
|  | 6.1 | io.projectreactor.netty:reactor-netty-http < 1.2.8 | io.projectreactor.netty:reactor-netty-http = 1.2.8 |
|  | 5.8 | com.nimbusds:nimbus-jose-jwt < 10.0.2 | com.nimbusds:nimbus-jose-jwt = 10.0.2 |
|  | 5.3 | stdlib < v1.25.4 | stdlib = 1.26.0 |
|  | 4.8 | org.apache.logging.log4j:log4j-core < 2.24.3 | org.apache.logging.log4j:log4j-core = 2.25.3 |

This patch release version depends upon Red Hat Universal Base Image 9 Minimal version 9.7-1771346502 for confluent-operator & confluent-init-container images.
CPC Gateway v1.1.2
CPC Gateway patch release version 1.1.2 addresses security hygiene improvements across CPC Gateway components through upgrades to third-party dependencies.
Security Vulnerabilities
CPC Gateway 1.1.2 did not include any upgrades related to exploitable security vulnerabilities.
Resolved security hygiene issues in third-party dependencies
The following package upgrades relate to vulnerabilities present in open-source packages that CPC Gateway depends on. They are included as part of security hygiene. At this time, no exploitable vector has been identified for any of the CVEs in the following table.
| CVE | CVSS | Impacted Package Version | Upgraded Package Version |
|---|---|---|---|
|  | 7.5 | stdlib < v1.26.0 | stdlib = 1.26.1 |
|  | 7.5 | stdlib < v1.26.0 | stdlib = 1.26.1 |
|  | 6.1 | stdlib < v1.26.0 | stdlib = 1.26.1 |
|  | 5.9 | stdlib < v1.26.0 | stdlib = 1.26.1 |
|  | 2.5 | stdlib < v1.26.0 | stdlib = 1.26.1 |

This patch release version depends upon Red Hat Universal Base Image 9 Minimal version 9.7-1771346502