[ https://issues.apache.org/jira/browse/NIFI-5599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16616379#comment-16616379 ]
Pierre Villard edited comment on NIFI-5599 at 9/15/18 4:12 PM: --------------------------------------------------------------- Just to add more clarity on this JIRA. The existing processors (with current version) does not expose the issue as it requires authenticated Kafka users to manually create a very specific fetch request. Also, the fix for this CVE in on broker's side ([https://developer.ibm.com/dwblog/2018/anatomy-kafka-cve/]). However, we can expect users of Kafka to upgrade their brokers and best is to have the matching version for the kafka client. was (Author: pvillard): Just to add more clarity on this JIRA. The existing processors (with current version) does not expose the issue as it requires authenticated Kafka users to manually create a very specific fetch request. Also, the fix for this CVE in on broker's side ([https://developer.ibm.com/dwblog/2018/anatomy-kafka-cve/).] However, we can expect users of Kafka to upgrade their brokers and best is to have the matching version for the kafka client. > Bump Kafka versions > ------------------- > > Key: NIFI-5599 > URL: https://issues.apache.org/jira/browse/NIFI-5599 > Project: Apache NiFi > Issue Type: Improvement > Components: Extensions > Reporter: Pierre Villard > Assignee: Pierre Villard > Priority: Major > > I'd like to bump versions for the existing Kafka processors in order to > prevent CVE-2018-1288 > http://mail-archives.apache.org/mod_mbox/kafka-dev/201807.mbox/%3CCAOJcB3_j1XqXK3TnJaqZrga0d13=taYOVoG9cGG0og5Zf+=l...@mail.gmail.com%3E -- This message was sent by Atlassian JIRA (v7.6.3#76005)