Loading...

XML

Word

Printable

Type: Task
Resolution: Done
Priority: Critical
Fix Version/s: EAP-XP-6.0 Update 2 CR3, EAP-XP-6.0 Update 2
Affects Version/s: None
Component/s: MP Reactive Messaging
Labels:
None

Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
CDW pm_ack:
CDW release:
Target Release:

EAP-XP-6.0.z.GA
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

XP6 uses "kafka-clients" version 3.9.1.redhat-00006 [1] which has lz4-java 1.8.0.redhat-00010 [2] as dependency. This version of lz4-java contains CVE-2025-66566 and we need to update it (~~JBEAP-31645~~).

[1]

groupId: "org.apache.kafka"
artifactId: "kafka-clients"
version: "3.9.1.redhat-00006"

[2] https://indy.corp.redhat.com/api/content/maven/hosted/pnc-builds/org/apache/kafka/kafka-clients/3.9.1.redhat-00006/kafka-clients-3.9.1.redhat-00006.pom

is cloned by

JBEAP-31761 (xp-5.0.x) Update kafka-clients dependency lz4-java to version 1.10.1.rhel8-redhat-00001

is incorporated by

JBEAP-31755 (xp-6.0.z) Update kafka-clients from 3.9.1.redhat-00006 to 3.9.1.redhat-00007

Resolved

Assignee:: Kabir Khan

Reporter:: Ilia Vassilev

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2026/01/05 3:04 PM

Updated:: 2026/01/07 3:51 PM

Resolved:: 2026/01/07 12:41 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates