KAFKA-14994: jose4j is vulnerable to CVE- Improper Cryptographic Algorithm (#13717)

Reviewers: Manikumar Reddy <manikumar.reddy@gmail.com>
2 years ago · fa7818dff5
2 changed files with 3 additions and 3 deletions
--- a/2
+++ b/2
@ -234,7 +234,7 @@ jetty-util-9.4.48.v20220622
				@@ -234,7 +234,7 @@ jetty-util-9.4.48.v20220622
 jetty-util-ajax-9.4.48.v20220622
 jersey-common-2.34
 jersey-server-2.34
-jose4j-0.7.9
+jose4j-0.9.3
 lz4-java-1.8.0
 maven-artifact-3.8.4
 metrics-core-4.1.12.1
--- a/gradle/dependencies.gradle
+++ b/gradle/dependencies.gradle
@ -82,7 +82,7 @@ versions += [
				@@ -82,7 +82,7 @@ versions += [
  jaxrs: "2.1.1",
  jfreechart: "1.0.0",
  jopt: "5.0.4",
-  jose4j: "0.7.9",
+  jose4j: "0.9.3",
  junit: "5.9.3",
  jqwik: "1.7.2",
  kafka_0100: "0.10.0.1",
@ -214,7 +214,7 @@ libs += [
				@@ -214,7 +214,7 @@ libs += [
  slf4jApi: "org.slf4j:slf4j-api:$versions.slf4j",
  slf4jlog4j: "org.slf4j:slf4j-log4j12:$versions.slf4j",
  snappy: "org.xerial.snappy:snappy-java:$versions.snappy",
-  swaggerAnnotations: "io.swagger.core.v3:swagger-annotations:$versions.swaggerAnnotations", 
+  swaggerAnnotations: "io.swagger.core.v3:swagger-annotations:$versions.swaggerAnnotations",
  swaggerJaxrs2: "io.swagger.core.v3:swagger-jaxrs2:$versions.swaggerJaxrs2",
  zookeeper: "org.apache.zookeeper:zookeeper:$versions.zookeeper",
  jfreechart: "jfreechart:jfreechart:$versions.jfreechart",