<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 22:31:00 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[MODSER-9] Upgrade kafka-clients from 2.3.0 to &gt;= 3.6.0 fixing vulns</title>
                <link>https://folio-org.atlassian.net/browse/MODSER-9</link>
                <project id="10263" key="MODSER">mod-serials-management</project>
                    <description>&lt;p&gt;Upgrade org.apache.kafka:kafka-clients from 2.3.0 to &amp;gt;= 3.6.0 fixing multiple security vulnerabilities:&lt;/p&gt;

&lt;p&gt;kafka-clients - Timing Attack -&#160;&lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2021-38153&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2021-38153&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;The kafka-clients upgrade automatically upgrades snappy-java from 1.1.7.3 to 1.1.10.4 fixing these security vulnerabilities:&lt;/p&gt;

&lt;p&gt;snappy-java -&#160;Allocation of Resources Without Limits or Throttling - &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-43642&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-43642&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;snappy-java -&#160;Denial of Service (DoS) - &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-34455&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-34455&lt;/a&gt;&lt;/p&gt;


&lt;p&gt;snappy-java -&#160;Integer Overflow or Wraparound - &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-34453&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-34453&lt;/a&gt;&#160;, &lt;a href=&quot;https://nvd.nist.gov/vuln/detail/CVE-2023-34454&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://nvd.nist.gov/vuln/detail/CVE-2023-34454&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="79218">MODSER-9</key>
            <summary>Upgrade kafka-clients from 2.3.0 to &gt;= 3.6.0 fixing vulns</summary>
                <type id="10003" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium">Task</type>
                                            <priority id="10002" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p3.svg">P3</priority>
                        <status id="1" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="557058:f42d9c43-226d-4aa3-bb31-9b2dd07920aa">Owen Stephens</assignee>
                                                                <reporter accountid="5ee89462f7aa140abd82d11d">Julian Ladisch</reporter>
                                    <labels>
                            <label>security</label>
                            <label>security-reviewed</label>
                    </labels>
                <created>Sun, 15 Oct 2023 18:22:14 +0000</created>
                <updated>Thu, 19 Oct 2023 15:37:38 +0000</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                        <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10159"><![CDATA[K-Int]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10385"><![CDATA[Related dependency upgrade]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i08ax4:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    </customfields>
    </item>
</channel>
</rss>