kafka-3.8/GHSA-78wr-2p64-hpwj advisory update (#8682)

* kafka-3.8/GHSA-78wr-2p64-hpwj advisory update * fix url for kafka-3.8.advisories.yaml Signed-off-by: jamie-albert <[email protected]> --------- Signed-off-by: jamie-albert <[email protected]>
wolfi-dev · Oct 16, 2024 · bb09c69 · bb09c69
1 parent e10dbb5
commit bb09c69
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/kafka-3.8.advisories.yaml b/kafka-3.8.advisories.yaml
@@ -21,6 +21,10 @@ advisories:
             componentType: java-archive
             componentLocation: /usr/lib/kafka/libs/commons-io-2.11.0.jar
             scanner: grype
+      - timestamp: 2024-10-16T08:32:23Z
+        type: pending-upstream-fix
+        data:
+          note: The commons-io dependency is a transitive dependency that Is brought in under swagger-core which is currently kept under 2.14.0 due to the fact that this version and up drop support for jdk8. The repository is currently working on transitioning on making jdk11 the minimum version but is in the middle of that process and is not currently ready. Here is the PR regarding this https://github.com/apache/kafka/pull/17441 and the project status can be found here https://issues.apache.org/jira/browse/KAFKA-12894
 
   - id: CGA-r5gc-w736-v6hf
     aliases: