Hello,
Can you please share your plan for Jetty release?
Regards,
Apoorva Maheshwari
-----Original Message-----
From: Steven Schlansker <stevenschlansker@gmail.com>
Sent: 26 February 2026 22:00
To: users@kafka.apache.org
Cc: users-subscribe@kafka.apache.org; Abhishek Kant Rattan <abhishek.kant.rattan@ericsson.com>; Sahil Sharma D <sahil.d.sharma@ericsson.com>; Apoorva Maheshwari <apoorva.maheshwari@ericsson.com>
Subject: Re: Version info that supports Jetty v12.0.25
[You don't often get email from stevenschlansker@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
> On Feb 16, 2026, at 1:14 AM, Apoorva Maheshwari via users <users@kafka.apache.org> wrote:
>
> Hello Team,
>
> Can you please confirm this pattern, that when we get any vulnerability of jetty and fix from Jetty is available, how soon Kafka release a new version with this Jetty?
If you are urgently needing to adopt a Jetty release on your own schedule, rather than Kafka's schedule, you can always adopt new Jetty with your current Kafka version using Maven's <dependencyManagement> feature. This works for most projects, not just Kafka.
Of course then you should test that the new combination works acceptably to your requirements, but it at least gives you an independent path forward without needing to pressure Kafka maintainers on new releases with dependency updates, until the normal release process delivers a fixed Kafka artifact.
>
> Regards,
> Apoorva Maheshwari
>
> From: Apoorva Maheshwari
> Sent: 13 February 2026 11:10
> To: 'users-subscribe@kafka.apache.org'
> <users-subscribe@kafka.apache.org>; 'users@kafka.apache.org'
> <users@kafka.apache.org>
> Cc: Abhishek Kant Rattan <abhishek.kant.rattan@ericsson.com>; Sahil
> Sharma D <sahil.d.sharma@ericsson.com>
> Subject: RE: Version info that supports Jetty v12.0.25
>
> Response awaited.
>
> Regards,
> Apoorva Maheshwari
>
> From: Apoorva Maheshwari
> Sent: 11 February 2026 10:30
> To:
> users-subscribe@kafka.apache.org<mailto:users-subscribe@kafka.apache.o
> rg>; users@kafka.apache.org<mailto:users@kafka.apache.org>
> Cc: Abhishek Kant Rattan
> <abhishek.kant.rattan@ericsson.com<mailto:abhishek.kant.rattan@ericsso
> n.com>>; Sahil Sharma D
> <sahil.d.sharma@ericsson.com<mailto:sahil.d.sharma@ericsson.com>>
> Subject: Version info that supports Jetty v12.0.25
>
> Hello Team,
>
> Please confirm your plan to release a version that supports Jetty v12.0.25, in order to address Jetty CVE-2025-5115.
>
> Regards,
> Apoorva Maheshwari
>
>
Can you please share your plan for Jetty release?
Regards,
Apoorva Maheshwari
-----Original Message-----
From: Steven Schlansker <stevenschlansker@gmail.com>
Sent: 26 February 2026 22:00
To: users@kafka.apache.org
Cc: users-subscribe@kafka.apache.org; Abhishek Kant Rattan <abhishek.kant.rattan@ericsson.com>; Sahil Sharma D <sahil.d.sharma@ericsson.com>; Apoorva Maheshwari <apoorva.maheshwari@ericsson.com>
Subject: Re: Version info that supports Jetty v12.0.25
[You don't often get email from stevenschlansker@gmail.com. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
> On Feb 16, 2026, at 1:14 AM, Apoorva Maheshwari via users <users@kafka.apache.org> wrote:
>
> Hello Team,
>
> Can you please confirm this pattern, that when we get any vulnerability of jetty and fix from Jetty is available, how soon Kafka release a new version with this Jetty?
If you are urgently needing to adopt a Jetty release on your own schedule, rather than Kafka's schedule, you can always adopt new Jetty with your current Kafka version using Maven's <dependencyManagement> feature. This works for most projects, not just Kafka.
Of course then you should test that the new combination works acceptably to your requirements, but it at least gives you an independent path forward without needing to pressure Kafka maintainers on new releases with dependency updates, until the normal release process delivers a fixed Kafka artifact.
>
> Regards,
> Apoorva Maheshwari
>
> From: Apoorva Maheshwari
> Sent: 13 February 2026 11:10
> To: 'users-subscribe@kafka.apache.org'
> <users-subscribe@kafka.apache.org>; 'users@kafka.apache.org'
> <users@kafka.apache.org>
> Cc: Abhishek Kant Rattan <abhishek.kant.rattan@ericsson.com>; Sahil
> Sharma D <sahil.d.sharma@ericsson.com>
> Subject: RE: Version info that supports Jetty v12.0.25
>
> Response awaited.
>
> Regards,
> Apoorva Maheshwari
>
> From: Apoorva Maheshwari
> Sent: 11 February 2026 10:30
> To:
> users-subscribe@kafka.apache.org<mailto:users-subscribe@kafka.apache.o
> rg>; users@kafka.apache.org<mailto:users@kafka.apache.org>
> Cc: Abhishek Kant Rattan
> <abhishek.kant.rattan@ericsson.com<mailto:abhishek.kant.rattan@ericsso
> n.com>>; Sahil Sharma D
> <sahil.d.sharma@ericsson.com<mailto:sahil.d.sharma@ericsson.com>>
> Subject: Version info that supports Jetty v12.0.25
>
> Hello Team,
>
> Please confirm your plan to release a version that supports Jetty v12.0.25, in order to address Jetty CVE-2025-5115.
>
> Regards,
> Apoorva Maheshwari
>
>
Comments
Post a Comment