Confluent Platform patch release version 5.5.9 contains numerous fixes that resolve CVEs in various open-source dependency versions depended upon by Confluent Platform components. Please note that none of the CVEs were identified to be exploitable in nature, and are only made available to enhance the security hygiene of Confluent software, unless otherwise noted.
The following package upgrades are included in this release version:
Resolved CVEs related to Open-Source Dependencies
CVE |
CVSS |
Impacted Package Version |
Upgraded Package Version |
7.5 |
zulu.openjdk < 8.0.332-1 |
zulu.openjdk:8.0.332-1 |
|
7.5 |
google:gson < 2.8.9 |
google:gson:2.9.0 |
|
7.5 |
fasterxml:jackson-databind < 2.12.6.1 |
fasterxml:jackson-databind:2.13.2.2 |
|
5.5 |
google:protobuf-java < 3.19.2 |
google:protobuf-java:3.19.4 |
|
5.3 |
jetbrains:kotlin < 1.6.0 |
jetbrains:kotlin:1.6.0 |