Uploaded image for project: 'Beam'
  1. Beam
  2. BEAM-14256

Upgrade spring expression dependency

    XMLWordPrintableJSON

Details

    • Task
    • Status: Resolved
    • P2
    • Resolution: Fixed
    • None
    • 2.39.0
    • io-java-kafka
    • None

    Description

      Kafka IO depends on SpEL, and the current dependency has a vulnerability. Our usage of the library doesn't expose the vulnerability, but users have asked us to upgrade to be sure

      Attachments

        Issue Links

          duplicates

          Bug - A problem which impairs or prevents the functions of the product. BEAM-14227 CVE-2022-22965 vulnerability found in java-io-kafka component

          • P1 - Critical bug: data loss, total loss of function, or loss of testing signal due to test failures or flakiness
          • Resolved
          links to

          Web Link GitHub Pull Request #17282

          Activity

            People

              johnjcasey John Casey
              johnjcasey John Casey
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 20m
                  1h 20m