From 2f2c7b1843df4e8a0bf1b81cd54d8f546f093410 Mon Sep 17 00:00:00 2001
From: patilk234 <54437468+patilk234@users.noreply.github.com>
Date: Fri, 26 Jul 2024 13:23:29 +0530
Subject: [PATCH 1/3] Upgraded springboot & kafka-clients version
This bump will resolve security vulnerabilities present in kafka-clients 3.5.0, tomcat 10.1.12 and snappy-java 1.1.10.0
---
pom.xml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pom.xml b/pom.xml
index aa02a56f0e9..4991fa76a52 100644
--- a/pom.xml
+++ b/pom.xml
@@ -30,13 +30,13 @@
3.1.0
3.0.13
2.14.0
- 3.5.0
+ 3.5.2
1.5.5.Final
1.18.24
3.23.3
2.13.9
2.0
- 3.1.3
+ 3.2.7
1.0.0
0.1.17
0.1.26
From d1d98814adc52a47cc5bd1911c966de79979baf6 Mon Sep 17 00:00:00 2001
From: patilk234 <54437468+patilk234@users.noreply.github.com>
Date: Fri, 26 Jul 2024 13:25:32 +0530
Subject: [PATCH 2/3] Upgraded aws-msk-iam-auth to 2.2.0
Upgrading aws-msk-iam-auth will resolve vulns present in 1.1.7
---
kafka-ui-api/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kafka-ui-api/pom.xml b/kafka-ui-api/pom.xml
index d572a4ffa34..ad9e422f235 100644
--- a/kafka-ui-api/pom.xml
+++ b/kafka-ui-api/pom.xml
@@ -97,7 +97,7 @@
software.amazon.msk
aws-msk-iam-auth
- 1.1.7
+ 2.2.0
From 828765ea7050dbb9406f4d2e546a0998f2112be5 Mon Sep 17 00:00:00 2001
From: patilk234 <54437468+patilk234@users.noreply.github.com>
Date: Fri, 26 Jul 2024 13:27:03 +0530
Subject: [PATCH 3/3] Upgrade kafka to 3.6.1
Upgrading the kafka version to 3.6.1 will resolve the security vulnerabilities present in 3.3.1
---
kafka-ui-e2e-checks/pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/kafka-ui-e2e-checks/pom.xml b/kafka-ui-e2e-checks/pom.xml
index 22c17bf9609..04eb42f9f4c 100644
--- a/kafka-ui-e2e-checks/pom.xml
+++ b/kafka-ui-e2e-checks/pom.xml
@@ -25,7 +25,7 @@
3.24.2
2.2
2.0.7
- 3.3.1
+ 3.6.1