Multiple vulerabilities in docker confluentinc/cp-kafka-connect:7.5.1

[lawrencemq]

• ID Severity Package Name Package Version
• CVE-2022-1471 critical org.yaml_snakeyaml 1.16
• CVE-2023-44981 critical org.apache.zookeeper_zookeeper 3.6.3
• CVE-2023-44981 critical org.apache.zookeeper_zookeeper 3.6.4
• PRISMA-2023-0067 high com.fasterxml.jackson.core_jackson-core 2.13.5
• PRISMA-2023-0067 high com.fasterxml.jackson.core_jackson-core 2.14.2
• CVE-2023-5072 high org.json_json 20230227
• CVE-2022-25857 high org.yaml_snakeyaml 1.16
• CVE-2017-18640 high org.yaml_snakeyaml 1.16
• CVE-2023-4586 high io.netty_netty-codec 4.1.96.Final
• CVE-2023-4586 high io.netty_netty-codec 4.1.86.Final
• CVE-2023-4586 high io.netty_netty-codec 4.1.89.Final

[Tester2k23]

+1
same for cp-schema-registry image:7.x.x

[c3ivodujmovic]

Any updates on the timeline for fix and/or mitigations? There are criticals in the list...

[ayushkhandelwal317]

Team, please take a look at it and prioritize it. There are some critical vulnerabilities coming from confluentinc/cp-schema-registry:7.5.3 and confluentinc/cp-kafka-connect:7.5.3

[pminkov]

+1

[asanuy]

Hey folks, do you have any estimation on when these vulnerabilities will be fixed? Thank you.

[gcaragea]

Team, please take a look at this as this is putting our deployment at risk and we will likely have to look for alternatives.

[alanperius]

Any update for confluentinc/cp-kafka-connect:7.5.3 ?

[janjwerner-confluent]

Hi,
All the issues other than
PRISMA-2023-0067 high com.fasterxml.jackson.core_jackson-core 2.13.5
PRISMA-2023-0067 high com.fasterxml.jackson.core_jackson-core 2.14.2
have been addressed.
Please update to the latest Confluent Platform images.
for the up to date information please follow:
https://support.confluent.io/hc/en-us/sections/360008413952-Security-Advisories-and-Security-Release-Notes