Upgrade kafka-avro-serializer dependency #549
Labels
Comments
mroiter-larus
added
enhancement
mroiter-larus
added a commit
to mroiter-larus/neo4j-streams
that referenced
this issue
Jul 25, 2023
mroiter-larus
added a commit
to mroiter-larus/neo4j-streams
that referenced
this issue
Jul 25, 2023
mroiter-larus
added a commit
to mroiter-larus/neo4j-streams
that referenced
this issue
Jul 26, 2023
conker84
added a commit
that referenced
this issue
Sep 1, 2023
* Issue #549: Upgrade kafka-avro-serializer dependency * fixed flaky test * fixed KafkaEventRouterEnterpriseTSE * Fixed SchemaRegistryContainer * Ali feedback * jackson 2.15.3 doesn't exist, downgrade to 2.15.2 * updated api * downgrade to jackson 2.14.3 --------- Co-authored-by: Andrea Santurbano <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Feature description
From Zendesk ticket #21480 has been highlighted the need to upgrade
kafka-avro-serializerdependency from the version 5.2.2 (which includes an old version of Netty library - 3.10.6.Final - with a security vulnerability) to the 7.2.2.Could this result into the needs to update also the
kafka-clientslibrary accordingly? Actually we're using 2.4.1, which has some vulnerabilities (see more details at the following link: https://mvnrepository.com/artifact/org.apache.kafka/kafka-clients/2.4.1)The text was updated successfully, but these errors were encountered: