[security] pulsar-io-kafka: upgrade jakarta.el to 3.0.4 to get rid of CVE-2021-28170 #13943
/pulsarbot rerun-failure-checks
@nicoloboschi - does this need to be cherry picked to older Pulsar versions? I can add labels, if so.
I don't think so. We upgraded a lot of other libraries these days but only in the master branch. Pulsar 2.10 will be cleaner than the current release branches. Thanks for asking @michaeljmarshall
…VE-2021-28170 apache#13943 (cherry picked from commit b034f5a)
Motivation
org.glassfish:jakarta.el:3.0.3 is vulnerable to CVE-2021-28170.
Links:
Modifications
Forced 3.0.4 version in pulsar-io/kafka
Documentation
no-need-doc
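One way to confirm that a forced version like this actually took effect is to scan the text output of `mvn dependency:tree` for any resolved `org.glassfish:jakarta.el` older than 3.0.4. The script below is an added example, not code from this pull request or the Pulsar project; the sample tree lines and the `org.example` coordinates are constructed.

```python
import re

# Coordinates and fixed version are the ones named in the PR description.
TARGET = ("org.glassfish", "jakarta.el")
FIXED = (3, 0, 4)

# A dependency:tree node is group:artifact:type[:classifier]:version[:scope],
# optionally followed by a note such as "(optional)".
NODE = re.compile(r"([\w.\-]+(?::[\w.\-]+){3,5})\s*(?:\(.*\))?\s*$")
SCOPES = {"compile", "runtime", "provided", "test", "system", "import"}

def parse_version(text):
    """Turn '3.0.3' into (3, 0, 3); a '-qualifier' suffix is ignored."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple(nums + [0] * (3 - len(nums)))

def find_vulnerable(tree_output):
    """Return (line_number, version) for each resolved jakarta.el below FIXED."""
    hits = []
    for lineno, line in enumerate(tree_output.splitlines(), start=1):
        match = NODE.search(line)
        if not match:
            continue
        parts = match.group(1).split(":")
        if tuple(parts[:2]) != TARGET:
            continue
        # The version is the last field, or the one before a trailing scope.
        version = parts[-2] if parts[-1] in SCOPES else parts[-1]
        if parse_version(version) < FIXED:
            hits.append((lineno, version))
    return hits

# Constructed sample output: the same module before and after the version is forced.
SAMPLE_BEFORE = """\
[INFO] org.example:kafka-connector:jar:1.0.0
[INFO] +- org.example:some-library:jar:2.1.0:compile
[INFO] |  \\- org.glassfish:jakarta.el:jar:3.0.3:compile
"""
SAMPLE_AFTER = SAMPLE_BEFORE.replace("jar:3.0.3", "jar:3.0.4")

if __name__ == "__main__":
    for name, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        hits = find_vulnerable(sample)
        print(name, "VULNERABLE" if hits else "ok", hits)
```

Run in CI against the real tree output, a non-empty result from `find_vulnerable` is the signal to fail the build, which also catches a later dependency change that reintroduces the old version transitively.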