From c52509054d220d252a87dfd3555389ae2cd8094d Mon Sep 17 00:00:00 2001
From: Paul-Christian Volkmer
Date: Wed, 30 Aug 2023 13:26:05 +0200
Subject: [PATCH] chore: Add kafka-clients dependency with fixed version to mitigate CVEs

This will use version 3.5.1 of kafka-clients dependency to prevent issues due to CVE-2023-34453, CVE-2023-34454 and CVE-2023-34455
---
 build.gradle.kts | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/build.gradle.kts b/build.gradle.kts
index b0aabc3..c074b3b 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -20,6 +20,10 @@ var versions = mapOf(
 "mockito-kotlin" to "5.1.0"
 )
 
+// Override Apache Kafka to be used
+// Fixes: CVE-2023-34455, CVE-2023-34454, CVE-2023-34453
+extra["kafka.version"] = "3.5.1"
+
 java {
 sourceCompatibility = JavaVersion.VERSION_17
 }
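Review bot: The comment above `extra["kafka.version"] = "3.5.1"` says the override fixes the three CVEs, but as far as I know those ids are filed against snappy-java, which kafka-clients only brings in transitively, so the comment should name the real carrier and say when the pin can be removed, e.g. `// Pin kafka-clients 3.5.1 for its patched snappy-java (CVE-2023-34453/-34454/-34455); remove once the managed Kafka version is >= 3.5.1`. Without that exit condition the pin will eventually hold Kafka back below the version the BOM would otherwise select. The `kafka.version` property is presumably read by the Spring dependency-management plugin; the plugins block is outside this hunk, so if the BOM is imported through Gradle's `platform()` instead, this line changes nothing. The resolved result is worth confirming with `./gradlew dependencyInsight --dependency snappy-java --configuration runtimeClasspath`, since another dependency could still pull an older snappy-java onto the classpath.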