Re: CVE-2021-38153: Timing Attack Vulnerability for Apache Kafka Connect and Clients

2021-09-21 Thread Ivan Yurchenko
Hi Randall,

Could you please share the JIRA ticket or the fixing commit? It might help to evaluate the impact better.

Thank you!
Ivan

On Tue, 21 Sept 2021 at 19:37, Randall Hauch wrote:
> Severity: moderate
>
> Description:
>
> Some components in Apache Kafka use `Arrays.equals` to validate

CVE-2021-38153: Timing Attack Vulnerability for Apache Kafka Connect and Clients

2021-09-21 Thread Randall Hauch
Severity: moderate

Description:

Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful.

Users should upgrade to 2.8.1 or higher, or 3.0.0 or higher
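The advisory names the pattern but not how the leak works. The following is an added example written for this page; it is not code from the Apache Kafka project or from the advisory, and it makes no claim about which Kafka components were affected. `insecureEquals` is the pattern the advisory describes: `java.util.Arrays.equals` returns at the first mismatching byte (and immediately on a length mismatch), so the time it takes depends on how long the attacker's guess agrees with the secret. `bytesExaminedByShortCircuit` is a hypothetical helper that mirrors that short-circuit semantics with a counter, so the data-dependent work is visible without relying on wall-clock measurements. `constantTimeEquals` is one hardened form: hash both sides to a fixed-length digest and compare the digests with `MessageDigest.isEqual`, which does not stop early on content; hashing first also hides the secret's length, which a plain byte compare reveals through its early length check. The sample credential is constructed for the demonstration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class TimingCompareDemo {

    // The pattern the advisory describes. Arrays.equals stops at the first
    // byte that differs, so a guess sharing a longer prefix with the secret
    // takes measurably longer to reject than one that differs at byte 0.
    static boolean insecureEquals(byte[] expected, byte[] supplied) {
        return Arrays.equals(expected, supplied);
    }

    // Hypothetical helper (not part of Kafka): the same short-circuit logic
    // as Arrays.equals, instrumented to count how many bytes were compared
    // before a verdict. The count is what an attacker infers from timing.
    static int bytesExaminedByShortCircuit(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) {
            return 0; // length mismatch is rejected before any byte is read
        }
        int examined = 0;
        for (int i = 0; i < expected.length; i++) {
            examined++;
            if (expected[i] != supplied[i]) {
                break;
            }
        }
        return examined;
    }

    // Hardened form: reduce both inputs to a fixed-length SHA-256 digest, then
    // compare with MessageDigest.isEqual, which XOR-accumulates over the whole
    // digest instead of returning on the first difference. Because both
    // digests are always 32 bytes, neither the content nor the length of the
    // secret influences how much work the comparison does.
    static boolean constantTimeEquals(byte[] expected, byte[] supplied) {
        try {
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            byte[] expectedDigest = md.digest(expected);
            byte[] suppliedDigest = md.digest(supplied);
            return MessageDigest.isEqual(expectedDigest, suppliedDigest);
        } catch (NoSuchAlgorithmException e) {
            // SHA-256 is a required algorithm in every JDK, so this is unreachable
            throw new IllegalStateException("SHA-256 unavailable", e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample credential; not a real Kafka password or key.
        byte[] secret = "correct-horse-battery".getBytes(StandardCharsets.UTF_8);
        byte[][] guesses = {
            "xorrect-horse-battery".getBytes(StandardCharsets.UTF_8), // differs at byte 0
            "correct-xorse-battery".getBytes(StandardCharsets.UTF_8), // differs at byte 8
            "correct-horse-batterx".getBytes(StandardCharsets.UTF_8), // differs at last byte
            "correct-horse-battery".getBytes(StandardCharsets.UTF_8), // exact match
        };
        for (byte[] guess : guesses) {
            System.out.printf("%-24s insecure=%-5b constantTime=%-5b bytesExamined=%d%n",
                new String(guess, StandardCharsets.UTF_8),
                insecureEquals(secret, guess),
                constantTimeEquals(secret, guess),
                bytesExaminedByShortCircuit(secret, guess));
        }
    }
}
```

Both comparisons return the same boolean for every guess; the difference is that `bytesExamined` grows with the length of the matching prefix under the short-circuit compare, which is the signal an attacker with a timing oracle can use to recover the credential one byte at a time rather than searching the whole space. Note that `MessageDigest.isEqual` on JDK 8 still returns early when the two arrays differ in length, which is why the example hashes first rather than comparing the raw inputs.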