Radha Krishna Peteti created KAFKA-18204:
--------------------------------------------
Summary: Upgrade to rocksdb 8.x+ (ideally 9.x)
Key: KAFKA-18204
URL: https://issues.apache.org/jira/browse/KAFKA-18204
Project: Kafka
Issue Type: Bug
Reporter: Radha Krishna Peteti
Kafka still uses rocksdbjni version 7.x (ref:
[https://github.com/apache/kafka/blob/trunk/gradle/dependencies.gradle#L120])
which is no longer receiving backports from upstream.
Please update to rocksdb version 9.x (latest version) so that security updates
are received.
Examples of critical vulnerabilities (CVE score 9.8) in rocksdb version 7.x:
[https://nvd.nist.gov/vuln/detail/CVE-2023-45853]
[https://nvd.nist.gov/vuln/detail/CVE-2022-37434]
(Updating to the tip of the 8.x release fixes these two vulnerabilities, but for any
new security fixes we will need to move to 9.x.)