Kafka

If you look at the dependancies for 4.0.2 and 4.1.2 you can see that Jetty 12.0.25 is present there. https://github.com/apache/kafka/blob/4.0.2/gradle/dependencies.gradle https://github.com/apache/kafka/blob/4.1.2/gradle/dependencies.gradle Kind regards, JIm > On 20 Mar 2026, at 05:21, Ashish Verma V < ashish.v.verma@ericsson.com > wrote: > > Hi Jim, > > Any update on this query. > > Thanks > Ashish Verma > From: Apoorva Maheshwari < apoorva.maheshwari@ericsson.com > > Sent: 16 March 2026 08:39 > To: Jim Halfpenny <jim.halfpenny@stackable.tech> > Cc: users@kafka.apache.org ; Steven Schlansker < stevenschlansker@gmail.com >; users-subscribe@kafka.apache.org ; Abhishek Kant Rattan < abhishek.kant.rattan@ericsson.com >; Sahil Sharma D < sahil.d.sharma@ericsson.com >; Ashish Verma V < ashish.v.verma@ericsson.com > > Subject: RE: Version info that supports Jetty v12.0.25 > ...

Appreciate for the essential patch release! > Viktor Somogyi-Vass < viktor@apache.org > 於 2026年3月20日 下午6:35 寫道： > > The Apache Kafka community is pleased to announce the release for Apache > Kafka 4.0.2 > > This bug-fix release includes several critical fixes as documented in > the release notes. > > All of the changes in this release can be found in the release notes: > https://www.apache.org/dist/kafka/4.0.2/RELEASE_NOTES.html > > > An overview of the release can be found in our announcement blog post: > https://kafka.apache.org/blog > > You can download the source and binary release (Scala 2.13) from: > https://kafka.apache.org/downloads#4.0.2 > > --------------------------------------------------------------------------------------------------- > > > Apache Kafka is a distributed streaming platform with four core APIs: > > > ** The Producer API allows an applic...

The Apache Kafka community is pleased to announce the release for Apache Kafka 4.0.2 This bug-fix release includes several critical fixes as documented in the release notes. All of the changes in this release can be found in the release notes: https://www.apache.org/dist/kafka/4.0.2/RELEASE_NOTES.html An overview of the release can be found in our announcement blog post: https://kafka.apache.org/blog You can download the source and binary release (Scala 2.13) from: https://kafka.apache.org/downloads#4.0.2 --------------------------------------------------------------------------------------------------- Apache Kafka is a distributed streaming platform with four core APIs: ** The Producer API allows an application to publish a stream of records to one or more Kafka topics. ** The Consumer API allows an application to subscribe to one or more topics and process the stream of records produced to them. ** The Streams API allows an application to a...

Hi Jim, Any update on this query. Thanks Ashish Verma From: Apoorva Maheshwari < apoorva.maheshwari@ericsson.com > Sent: 16 March 2026 08:39 To: Jim Halfpenny <jim.halfpenny@stackable.tech> Cc: users@kafka.apache.org ; Steven Schlansker < stevenschlansker@gmail.com >; users-subscribe@kafka.apache.org ; Abhishek Kant Rattan < abhishek.kant.rattan@ericsson.com >; Sahil Sharma D < sahil.d.sharma@ericsson.com >; Ashish Verma V < ashish.v.verma@ericsson.com > Subject: RE: Version info that supports Jetty v12.0.25 Hello, CVE-2025-5115 is fixed in Jetty 12.0.25. Although, latest released Kafka 4.2.0 still have dependency on Jetty 12.0.22. Kindly let us know in which kakfa version, you are planning to take Jetty 12.0.25 or later. Regards, Apoorva Maheshwari From: Jim Halfpenny <jim.halfpenny@stackable.tech<mailto: jim.halfpenny@stackable.tech >> Sent: 12 March 2026 13:05 To: Apoorva Maheshwari < apoorva.maheshwari@...

The Apache Kafka community is pleased to announce the release for Apache Kafka 4.1.2. This bug-fix release includes several critical fixes as documented in the release notes. All of the changes in this release can be found in the release notes: https://www.apache.org/dist/kafka/4.1.2/RELEASE_NOTES.html An overview of the release can be found in our announcement blog post: https://kafka.apache.org/blog You can download the source and binary release from: https://kafka.apache.org/community/downloads/#412 --------------------------------------------------------------------------------------------------- Apache Kafka is a distributed streaming platform with four core APIs: ** The Producer API allows an application to publish a stream of records to one or more Kafka topics. ** The Consumer API allows an application to subscribe to one or more topics and process the stream of records produced to them. ** The Streams API allows an application to act as...

Version 12.0.25 will be included in the following Kafka releases: 4.3.0, 4.2.1, 4.0.2, 4.1.2, 3.9.3 see https://issues.apache.org/jira/browse/KAFKA-20168 On 2026/03/16 03:08:35 Apoorva Maheshwari via users wrote: > Hello, > > CVE-2025-5115 is fixed in Jetty 12.0.25. > Although, latest released Kafka 4.2.0 still have dependency on Jetty 12.0.22. > Kindly let us know in which kakfa version, you are planning to take Jetty 12.0.25 or later. > > Regards, > Apoorva Maheshwari > > From: Jim Halfpenny <jim.halfpenny@stackable.tech> > Sent: 12 March 2026 13:05 > To: Apoorva Maheshwari < apoorva.maheshwari@ericsson.com > > Cc: users@kafka.apache.org ; Steven Schlansker < stevenschlansker@gmail.com >; users-subscribe@kafka.apache.org ; Abhishek Kant Rattan < abhishek.kant.rattan@ericsson.com >; Sahil Sharma D < sahil.d.sharma@ericsson.com > > Subject: Re: Version info that supports Jetty v12.0.25...

Hello, CVE-2025-5115 is fixed in Jetty 12.0.25. Although, latest released Kafka 4.2.0 still have dependency on Jetty 12.0.22. Kindly let us know in which kakfa version, you are planning to take Jetty 12.0.25 or later. Regards, Apoorva Maheshwari From: Jim Halfpenny <jim.halfpenny@stackable.tech> Sent: 12 March 2026 13:05 To: Apoorva Maheshwari < apoorva.maheshwari@ericsson.com > Cc: users@kafka.apache.org ; Steven Schlansker < stevenschlansker@gmail.com >; users-subscribe@kafka.apache.org ; Abhishek Kant Rattan < abhishek.kant.rattan@ericsson.com >; Sahil Sharma D < sahil.d.sharma@ericsson.com > Subject: Re: Version info that supports Jetty v12.0.25 You don't often get email from jim.halfpenny@stackable.tech<mailto: jim.halfpenny@stackable.tech >. Learn why this is important< https://aka.ms/LearnAboutSenderIdentification > Hi Apoorva, I made a typo in my email, I was referring to CVE-2025-5115. The short answer is upgra...