Skip to content

Commit dd9f773

Browse files
xie-shujianDarshitChanpura
xie-shujian
authored and
DarshitChanpura
committed
fix kafka CVE-2023-25194, update kafka client to 3.4.0 (opensearch-project#2484)
Signed-off-by: Shujian Xie <xiesj@live.com> Signed-off-by: Peter Nied <peternied@hotmail.com> (cherry picked from commit 7547d03)
1 parent 766cf3f commit dd9f773

File tree

1 file changed

+6
-5
lines changed

1 file changed

+6
-5
lines changed

build.gradle

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,7 @@ buildscript {
2222
opensearch_build = version_tokens[0] + '.0'
2323

2424
common_utils_version = System.getProperty("common_utils.version", '2.1.0.0')
25-
kafka_version = '3.0.2'
25+
kafka_version = '3.4.0'
2626

2727
if (buildVersionQualifier) {
2828
opensearch_build += "-${buildVersionQualifier}"
@@ -327,16 +327,16 @@ dependencies {
327327
runtimeOnly 'com.google.j2objc:j2objc-annotations:1.3'
328328
runtimeOnly 'com.google.code.findbugs:jsr305:3.0.2'
329329
runtimeOnly 'com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava'
330-
runtimeOnly 'org.lz4:lz4-java:1.7.1'
330+
runtimeOnly 'org.lz4:lz4-java:1.8.0'
331331
runtimeOnly 'io.dropwizard.metrics:metrics-core:3.1.2'
332332
runtimeOnly 'org.slf4j:slf4j-api:1.7.30'
333-
runtimeOnly 'org.xerial.snappy:snappy-java:1.1.8.1'
333+
runtimeOnly 'org.xerial.snappy:snappy-java:1.1.8.4'
334334
runtimeOnly 'org.codehaus.woodstox:stax2-api:4.2.1'
335335
runtimeOnly 'org.glassfish.jaxb:txw2:2.3.4'
336336
runtimeOnly 'com.fasterxml.woodstox:woodstox-core:6.4.0'
337337
runtimeOnly 'org.apache.ws.xmlschema:xmlschema-core:2.2.5'
338338
runtimeOnly 'org.apache.santuario:xmlsec:2.2.3'
339-
runtimeOnly 'com.github.luben:zstd-jni:1.5.0-2'
339+
runtimeOnly 'com.github.luben:zstd-jni:1.5.2-1'
340340
runtimeOnly 'org.checkerframework:checker-qual:3.5.0'
341341
runtimeOnly "org.bouncycastle:bcpkix-jdk15on:${versions.bouncycastle}"
342342

@@ -357,9 +357,10 @@ dependencies {
357357
testImplementation 'javax.servlet:servlet-api:2.5'
358358
testImplementation 'org.apache.httpcomponents:fluent-hc:4.5.13'
359359
testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}"
360+
testImplementation "org.apache.kafka:kafka-group-coordinator:${kafka_version}"
360361
testImplementation "org.apache.kafka:kafka_2.13:${kafka_version}:test"
361362
testImplementation "org.apache.kafka:kafka-clients:${kafka_version}:test"
362-
testImplementation 'org.springframework.kafka:spring-kafka-test:2.8.6'
363+
testImplementation 'org.springframework.kafka:spring-kafka-test:2.9.6'
363364
testImplementation 'org.springframework:spring-beans:5.3.20'
364365
testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2'
365366
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2'

0 commit comments

Comments
 (0)