5.3
CVSS V3
Status
Impact
Remediating this CVE requires dropping support for JDK11Â which is why the changes are not being back ported from the main branch into version branches 3.8 and 3.9. This will be fixed in the kafka-4.0.0 release which is targeted in to land in late January 2025.
Status
Impact
Updating jetty to a non-vulnerable version would require 3 major version bumps, which would be a very significant upgrade with multiple breaking changes, and should only be undertaken by the upstream maintainers.
Status