zlib library security vulnerability through to version 1.3

[MiikaL]

Description

We use the Confluent.Kafka nuget which makes use of librdkafka, and we are receiving a security warning about the version of zlib in use:

One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '8.0':
zlib1.dll: CVE-2023-45853(9.8), CVE-2002-0059(9.8), CVE-2022-37434(9.8)

https://nvd.nist.gov/vuln/detail/CVE-2023-45853

How to reproduce

Checklist

Please provide the following information:

• A complete (i.e. we can run it), minimal program demonstrating the problem. No need to supply a project file.: N/A
• Confluent.Kafka nuget version: 2.3.0
• Apache Kafka version: N/A
• Client configuration: N/A
• Operating system: Windows/.Net
• Provide logs (with "debug" : "..." as necessary in configuration): N/A
• Provide broker log excerpts: N/A
• Critical issue: Critical security vulnerability

[janjwerner-confluent]

@MiikaL
Thank you for bringing it to our attention, this should be resolved with a fix to librdkafka that will get propagated here.