Skip to main content

Kafka new version info with vulnerabilities fixes

Hello Team, Could you please confirm the plan to release a new Kafka version that includes fixes for vulnerabilities identified primarily in transient dependencies such as Jackson, JLine, OpenTelemetry and a few others? These are detected in kafka v4.3.0. Below is the list of identified vulnerabilities for reference: Kafka core CVE-2026-41115 OpenTelemetry CVE-2026-39882 CVE-2026-41078 CVE-2026-40894 CVE-2026-44967 JLine GHSA-2r2c-cx56-8933 GHSA-47qp-hqvx-6r3f XRAY-1005950 XRAY-1005951 Jackson - CVE-2026-54512 CVE-2026-54513 CVE-2026-54514 CVE-2026-54515 CVE-2026-54516 CVE-2026-54517 CVE-2026-54518 Regards Vivek

Comments