Skip to content

NONJAVACLI-4301: update openssl, zlib, libzstd,cJson and curl#5346

Open
Jan Werner (janjwerner-confluent) wants to merge 11 commits intomasterfrom
jjwerner/cve_fixes_03_2026
Open

NONJAVACLI-4301: update openssl, zlib, libzstd,cJson and curl#5346
Jan Werner (janjwerner-confluent) wants to merge 11 commits intomasterfrom
jjwerner/cve_fixes_03_2026

Conversation

@janjwerner-confluent
Copy link
Member

@janjwerner-confluent Jan Werner (janjwerner-confluent) commented Mar 5, 2026
edited
Loading

Update:

  • cJSON to 1.7.19
  • OpenSSL to 3.0.19
  • libCurl to 8.18.0
  • zstd to 1.5.7
  • zlib to 1.3.2

Resolves:
#5331
#5305
#5084

Copilot AI review requested due to automatic review settings March 5, 2026 18:42
@confluent-cla-assistant
Copy link

confluent-cla-assistant bot commented Mar 5, 2026

🎉 All Contributor License Agreements have been signed. Ready to merge.
Please push an empty commit if you would like to re-run the checks to verify CLA status for all contributors.

@janjwerner-confluent Jan Werner (janjwerner-confluent) changed the title update openssl, zlib, libzstd, and curl update openssl, zlib, libzstd,cJson and curl Mar 5, 2026
Copilot AI reviewed Mar 5, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@janjwerner-confluent Jan Werner (janjwerner-confluent) changed the title update openssl, zlib, libzstd,cJson and curl NONJAVACLI-4301: update openssl, zlib, libzstd,cJson and curl Mar 5, 2026
This was referenced Mar 5, 2026
Open
Open
Open
Open
@nachose
Copy link

Jose Ignacio Seco Sanz (nachose) commented Mar 6, 2026
edited
Loading

We are affected by this issue. We are being reported on the incorrect version of ssl.

I don't know the project, so sorry if what I say does not make sense, but shouldn't openssl version be also updated to version 3.3.6 in vcpkg.json?.

Thanks.

Maciej Mensfeld (mensfeld) added a commit to karafka/wiki that referenced this pull request Mar 6, 2026
@mensfeld
chore: update SBOM for upcoming librdkafka dependency bumps
747792b 
Aligns SBOM with confluentinc/librdkafka#5346:
- cJSON 1.7.14 → 1.7.19
- OpenSSL 3.0.16 → 3.0.19
- zlib 1.3.1 → 1.3.2
@mensfeld Maciej Mensfeld (mensfeld) mentioned this pull request Mar 6, 2026
Merged
Maciej Mensfeld (mensfeld) added a commit to karafka/wiki that referenced this pull request Mar 7, 2026
@mensfeld
chore: update SBOM for upcoming librdkafka dependency bumps (#461)
9b42131 
Aligns SBOM with confluentinc/librdkafka#5346:
- cJSON 1.7.14 → 1.7.19
- OpenSSL 3.0.16 → 3.0.19
- zlib 1.3.1 → 1.3.2
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@janjwerner-confluent @nachose