Latest Release with CVE Patching and Latest Fixes #652

Open
nerajchand opened this issue Jun 17, 2024 · 0 comments

Firstly, thank you for your continuous efforts and hard work on maintaining Kafdrop. It has been an invaluable tool for our Kafka ecosystem.

The latest release, 4.0.1, contains a number of vulnerabilities (260 to be exact).

I've noticed, among other issues raised, that there seem to be some comments saying that the fix has already been merged into master, but unfortunately a new release hasn't been created since November 2023.
ref: #649 (comment)

Are you able to kindly please push this into a new release so we can take advantage of these fixes and security improvements? 🙏🏼

Vulnerability Findings:

260 vulnerabilities found
12 Critical (12 fixable)
15 High (15 fixable)
132 Medium (123 fixable)
81 Low (32 fixable)
20 Negligible (0 fixable)

               PACKAGE               TYPE  VERSION  SUGGESTED FIX  CRITICAL  HIGH  MEDIUM  LOW  NEGLIGIBLE  EXPLOIT
  org.springframework:spring-web     java  6.0.12      v6.0.17        3       0      0      0       0          3
  org.springframework:spring-web     java  6.0.12      v6.0.17        3       0      0      0       0          3
  org.springframework:spring-web     java  6.0.12      v6.0.17        3       0      0      0       0          3
  org.yaml:snakeyaml                 java   1.33        v2.0          1       0      0      0       0          0
  org.yaml:snakeyaml                 java   1.33        v2.0          1       0      0      0       0          0
  org.yaml:snakeyaml                 java   1.33        v2.0          1       0      0      0       0          0
  org.xerial.snappy:snappy-java      java  1.1.8.4    v1.1.10.1       0       4      0      0       0          0
  org.xerial.snappy:snappy-java      java  1.1.8.4    v1.1.10.1       0       4      0      0       0          0
  org.xerial.snappy:snappy-java      java  1.1.8.4    v1.1.10.1       0       4      0      0       0          0
  org.springframework:spring-webmvc  java  6.0.12      v6.0.14        0       1      0      0       0          0

Thank you so much ☺️
