From a27282363aa2b97dda96750f6d1cbf55ebd752ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rados=C5=82aw=20Stankiewicz?= <radoslaws@google.com>
Date: Wed, 11 Dec 2024 20:35:42 +0100
Subject: [PATCH] Update confluent version to fix CVE-2024-26308 CVE-2024-25710
 (#32674)

* bump confluent version

Kafka Schema Registry Client has been reported with following vuln
CVE-2024-26308
CVE-2024-25710 due to vulnerable dependencies.

* try slighly older version due to unmet dependencies to ThrottlingQuotaExceededException

* try slighly older version due to unmet dependencies to ThrottlingQuotaExceededException

* comment on version
---
 sdks/java/io/kafka/build.gradle | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sdks/java/io/kafka/build.gradle b/sdks/java/io/kafka/build.gradle
index c2f056b0b7cb..04563c478d6d 100644
--- a/sdks/java/io/kafka/build.gradle
+++ b/sdks/java/io/kafka/build.gradle
@@ -31,7 +31,8 @@ enableJavaPerformanceTesting()
 description = "Apache Beam :: SDKs :: Java :: IO :: Kafka"
 ext {
     summary = "Library to read Kafka topics."
-    confluentVersion = "7.6.0"
+    // newer versions e.g. 7.6.* require dropping support for older kafka versions.
+    confluentVersion = "7.5.5"
 }
 
 def kafkaVersions = [