[jira] [Commented] (KAFKA-15658) Zookeeper.jar | CVE-2023-44981
[ https://issues.apache.org/jira/browse/KAFKA-15658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17789949#comment-17789949 ] David Dufour commented on KAFKA-15658: -- Is there any plan to fix 3.5.x as well? > Zookeeper.jar | CVE-2023-44981 > --- > > Key: KAFKA-15658 > URL: https://issues.apache.org/jira/browse/KAFKA-15658 > Project: Kafka > Issue Type: Bug >Reporter: masood >Priority: Critical > Fix For: 3.7.0, 3.6.1 > > > The > [CVE-2023-44981|https://www.mend.io/vulnerability-database/CVE-2023-44981] > vulnerability has been reported in the zookeeper.jar. > It's worth noting that the latest version of Kafka has a dependency on > version 3.8.2 of Zookeeper, which is also impacted by this vulnerability. > [https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.8.2|https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.8.2.] > could you please verify its impact on the Kafka. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KAFKA-15658) Zookeeper.jar | CVE-2023-44981
[ https://issues.apache.org/jira/browse/KAFKA-15658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17785874#comment-17785874 ] Divij Vaidya commented on KAFKA-15658: -- 3.6.1 - tentative release in Dec'23 3.7.0 - scheduled release in Jan'24 > Zookeeper.jar | CVE-2023-44981 > --- > > Key: KAFKA-15658 > URL: https://issues.apache.org/jira/browse/KAFKA-15658 > Project: Kafka > Issue Type: Bug >Reporter: masood >Priority: Critical > Fix For: 3.7.0, 3.6.1 > > > The > [CVE-2023-44981|https://www.mend.io/vulnerability-database/CVE-2023-44981] > vulnerability has been reported in the zookeeper.jar. > It's worth noting that the latest version of Kafka has a dependency on > version 3.8.2 of Zookeeper, which is also impacted by this vulnerability. > [https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.8.2|https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.8.2.] > could you please verify its impact on the Kafka. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KAFKA-15658) Zookeeper.jar | CVE-2023-44981
[ https://issues.apache.org/jira/browse/KAFKA-15658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1937#comment-1937 ] masood commented on KAFKA-15658: What would be the tentative date of v3.6.1 or v3.7. > Zookeeper.jar | CVE-2023-44981 > --- > > Key: KAFKA-15658 > URL: https://issues.apache.org/jira/browse/KAFKA-15658 > Project: Kafka > Issue Type: Bug >Reporter: masood >Priority: Critical > > The > [CVE-2023-44981|https://www.mend.io/vulnerability-database/CVE-2023-44981] > vulnerability has been reported in the zookeeper.jar. > It's worth noting that the latest version of Kafka has a dependency on > version 3.8.2 of Zookeeper, which is also impacted by this vulnerability. > [https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.8.2|https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.8.2.] > could you please verify its impact on the Kafka. -- This message was sent by Atlassian Jira (v8.20.10#820010)
[jira] [Commented] (KAFKA-15658) Zookeeper.jar | CVE-2023-44981
[ https://issues.apache.org/jira/browse/KAFKA-15658?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=1749#comment-1749 ] Divij Vaidya commented on KAFKA-15658: -- This is fixed in 3.6.1 and 3.7.0 versions as part of https://issues.apache.org/jira/browse/KAFKA-15596 > Zookeeper.jar | CVE-2023-44981 > --- > > Key: KAFKA-15658 > URL: https://issues.apache.org/jira/browse/KAFKA-15658 > Project: Kafka > Issue Type: Bug >Reporter: masood >Priority: Critical > > The > [CVE-2023-44981|https://www.mend.io/vulnerability-database/CVE-2023-44981] > vulnerability has been reported in the zookeeper.jar. > It's worth noting that the latest version of Kafka has a dependency on > version 3.8.2 of Zookeeper, which is also impacted by this vulnerability. > [https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.8.2|https://mvnrepository.com/artifact/org.apache.zookeeper/zookeeper/3.8.2.] > could you please verify its impact on the Kafka. -- This message was sent by Atlassian Jira (v8.20.10#820010)
