[jira] [Resolved] (KAFKA-14206) Upgrade zookeeper to 3.7.1 to address security vulnerabilities

2023-08-21 Thread Mickael Maison (Jira)
ade zookeeper to 3.7.1 to address security vulnerabilities > -- > > Key: KAFKA-14206 > URL: https://issues.apache.org/jira/browse/KAFKA-14206 > Project: Kafka > Is

[jira] [Reopened] (KAFKA-14206) Upgrade zookeeper to 3.7.1 to address security vulnerabilities

2023-02-27 Thread Valeriy Kassenbayev (Jira)
per-jute-3.6.3.jar [mac /tmp]# {code} > Upgrade zookeeper to 3.7.1 to address security vulnerabilities > -- > > Key: KAFKA-14206 > URL: https://issues.apache.org/jira/browse/KAFKA-1

[jira] [Resolved] (KAFKA-14137) Security Vulnerabilities reported in CVE-2021-45046 and CVE-2021-45046

2022-10-18 Thread Greg Harris (Jira)
[ https://issues.apache.org/jira/browse/KAFKA-14137?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Greg Harris resolved KAFKA-14137. - Resolution: Fixed > Security Vulnerabilities reported in CVE-2021-45046 and CVE-2021-45

[jira] [Created] (KAFKA-14206) Upgrade zookeeper to 3.7.1 to address security vulnerabilities

2022-09-07 Thread Valeriy Kassenbayev (Jira)
Valeriy Kassenbayev created KAFKA-14206: --- Summary: Upgrade zookeeper to 3.7.1 to address security vulnerabilities Key: KAFKA-14206 URL: https://issues.apache.org/jira/browse/KAFKA-14206 Project

[jira] [Created] (KAFKA-14137) Security Vulnerabilities reported in CVE-2021-45046 and CVE-2021-45046

2022-08-03 Thread venkat (Jira)
venkat created KAFKA-14137: -- Summary: Security Vulnerabilities reported in CVE-2021-45046 and CVE-2021-45046 Key: KAFKA-14137 URL: https://issues.apache.org/jira/browse/KAFKA-14137 Project: Kafka

Re: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image

2021-09-01 Thread Luke Chen
m:* Jake Murphy Smith > *Sent:* 01 September 2021 09:31 > *To:* Ashish Patil > *Subject:* RE: [EXTERNAL] Re: Security vulnerabilities in > kafka:2.13-2.6.0/2.7.0 docker image > > > > > > > > *From:* Luke Chen > *Sent:* 01 September 2021 04:11 > *To:* Kafka

RE: [EXTERNAL] Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image

2021-09-01 Thread Ashish Patil
Hi Team I tried upgrading it to 2.13_2.8.0 but still have these vulnerabilities. What is your suggestion on this? Thanks Ashish From: Jake Murphy Smith Sent: 01 September 2021 09:31 To: Ashish Patil Subject: RE: [EXTERNAL] Re: Security vulnerabilities in

Re: Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image

2021-08-31 Thread Luke Chen
o use the 2.6.0 docker image for Kafka but It has lots of > security vulnerabilities. > Please find the below list of security vulnerabilities > ** > CVE-2021-36159 > CVE-2020-25649 <https://github.com/advisories/GHSA-288c-cq4h-88gq> > CVE-2021-22926 > CVE-2021-22922 > CVE

Security vulnerabilities in kafka:2.13-2.6.0/2.7.0 docker image

2021-08-31 Thread Ashish Patil
Hi Team I wanted to use the 2.6.0 docker image for Kafka but it has lots of security vulnerabilities. Please find the below list of security vulnerabilities CVE-2021-36159 CVE-2020-25649 <https://github.com/advisories/GHSA-288c-cq4h-88gq> CVE-2021-22926 CVE-2021-22922 CVE-2021-22924 CV

[jira] [Resolved] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities

2020-07-18 Thread Ismael Juma (Jira)
> upgrade zookeeper to 3.5.8 to address security vulnerabilities > -- > > Key: KAFKA-9996 > URL: https://issues.apache.org/jira/browse/KAFKA-9996 > Project: Kafka >

[jira] [Created] (KAFKA-9996) upgrade zookeeper to 3.5.8 to address security vulnerabilities

2020-05-14 Thread Emanuele Maccherani (Jira)
Emanuele Maccherani created KAFKA-9996: -- Summary: upgrade zookeeper to 3.5.8 to address security vulnerabilities Key: KAFKA-9996 URL: https://issues.apache.org/jira/browse/KAFKA-9996 Project

Security Vulnerabilities

2018-04-05 Thread Nikolaos Strongioglou
Is there a list including Kafka's outstanding security vulnerability issues, like the ones posted in the majority of CVE databases? I am looking for something like this --> https://www.cvedetails.com/product/27453/Apache-Zookeeper.html?vendor_id=45

Re: Do the Jackson security vulnerabilities affect Kafka at all?

2018-02-21 Thread Jeff Widman
My bad, I forgot I had checked out the 1.0.1 source which has Jackson 2.9.1... I thought the fix required 2.9.3 based on what I'd been told by the security team at a customer (the original motivation behind my email), but I dug a bit deeper and it looks like 2.9.1 has the patch

Re: Do the Jackson security vulnerabilities affect Kafka at all?

2018-02-20 Thread Ismael Juma
Hi Jeff, Have you checked trunk and 1.1? They should be using the latest version. Ismael On Tue, Feb 20, 2018 at 10:38 PM, Jeff Widman wrote: > The Jackson JSON parser library had a couple of CVE's announced: > 1. CVE-2017-7525 > 2. CVE 2017-15095 > > Here's a skimmable summary: > https://adam

Do the Jackson security vulnerabilities affect Kafka at all?

2018-02-20 Thread Jeff Widman
The Jackson JSON parser library had a couple of CVEs announced: 1. CVE-2017-7525 2. CVE-2017-15095 Here's a skimmable summary: https://adamcaudill.com/2017/10/04/exploiting-jackson-rce-cve-2017-7525/ Looking at the source, it appears Kafka uses an older version of Jackson which has the vulnerabi

Kafka 1.0 process of security vulnerabilities

2017-12-14 Thread Lin Chen
All: We are deploying Kafka 1.0 as a microservice. I want to understand the process of security vulnerabilities in the Kafka project. How are the vulnerabilities identified, in addition to being reported by users? Are any tools used for static and dynamic scans? Can the scan results be shared