Confluent for Kubernetes (CFK) patch release 3.2.2 improves security hygiene across CFK components by upgrading third-party dependencies.
Security Vulnerabilities
Confluent for Kubernetes 3.2.2 did not include any upgrades related to exploitable security vulnerabilities.
Resolved hygiene issues related to Open-Source dependencies
The following package upgrades relate to vulnerabilities present in open-source packages that Confluent for Kubernetes depends on. They are made available to enhance the security hygiene of Confluent software; no exploitable vector was identified for the CVEs present in the impacted packages.
| CVE | CVSS | Impacted Package Version | Upgraded Package Version |
|---|---|---|---|
|  | 9.8 | github.com/cloudflare/circl < v1.6.1 | github.com/cloudflare/circl = v1.6.3 |
|  | 9.1 | google.golang.org/grpc < v1.65.0 | google.golang.org/grpc = v1.80.0 |
|  | 7.5 | stdlib < v1.25.7 | stdlib = v1.26.1-X:boringcrypto |
|  | 7.5 | stdlib < v1.25.8 | stdlib = v1.26.1-X:boringcrypto |
|  | 7.5 | stdlib < v1.25.8 | stdlib = v1.26.1-X:boringcrypto |
|  | 7.5 | stdlib < v1.25.8 | stdlib = v1.26.1-X:boringcrypto |
|  | 7.5 | github.com/go-jose/go-jose/v3 < v3.0.4 | github.com/go-jose/go-jose/v3 = v3.0.5 |
|  | 7.0 | go.opentelemetry.io/otel/sdk < v1.28.0 | go.opentelemetry.io/otel/sdk = v1.43.0 |
|  | 7.0 | go.opentelemetry.io/otel/sdk < v1.28.0 | go.opentelemetry.io/otel/sdk = v1.43.0 |
|  | 6.5 | github.com/moby/spdystream < v0.4.0 | github.com/moby/spdystream = v0.5.1 |
|  | 6.4 | stdlib < v1.25.8 | stdlib = v1.26.1-X:boringcrypto |
|  | 6.1 | stdlib < v1.25.7 | stdlib = v1.26.1-X:boringcrypto |
|  | 6.1 | stdlib < v1.25.8 | stdlib = v1.26.1-X:boringcrypto |
|  | 5.5 | stdlib < v1.25.8 | stdlib = v1.26.1-X:boringcrypto |
|  | 5.3 | go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp < v1.27.0 | go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp = v1.43.0 |
|  | 5 | github.com/go-git/go-git/v5 < v5.16.5 | github.com/go-git/go-git/v5 = v5.18.0 |
|  | 4.7 | github.com/go-git/go-git/v5 < v5.16.5 | github.com/go-git/go-git/v5 = v5.18.0 |
|  | 2.8 | github.com/go-git/go-git/v5 < v5.16.5 | github.com/go-git/go-git/v5 = v5.18.0 |
|  | 2.5 | stdlib < v1.25.7 | stdlib = v1.26.1-X:boringcrypto |

This patch release version depends upon Red Hat Universal Base Image 9 Micro version 9.7-1773894938.