[ 
https://issues.apache.org/jira/browse/NIFI-5599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16616379#comment-16616379
 ] 

Pierre Villard edited comment on NIFI-5599 at 9/15/18 4:12 PM:
---------------------------------------------------------------

Just to add more clarity on this JIRA. The existing processors (with current 
version) do not expose the issue as it requires authenticated Kafka users to 
manually create a very specific fetch request. Also, the fix for this CVE is on 
the broker's side ([https://developer.ibm.com/dwblog/2018/anatomy-kafka-cve/]). 
However, we can expect users of Kafka to upgrade their brokers and it is best to 
have the matching version for the Kafka client.


was (Author: pvillard):
Just to add more clarity on this JIRA. The existing processors (with current 
version) do not expose the issue as it requires authenticated Kafka users to 
manually create a very specific fetch request. Also, the fix for this CVE is on 
the broker's side ([https://developer.ibm.com/dwblog/2018/anatomy-kafka-cve/).] 
However, we can expect users of Kafka to upgrade their brokers and it is best to 
have the matching version for the Kafka client.

> Bump Kafka versions
> -------------------
>
>                 Key: NIFI-5599
>                 URL: https://issues.apache.org/jira/browse/NIFI-5599
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: Pierre Villard
>            Assignee: Pierre Villard
>            Priority: Major
>
> I'd like to bump versions for the existing Kafka processors in order to 
> prevent CVE-2018-1288
> http://mail-archives.apache.org/mod_mbox/kafka-dev/201807.mbox/%3CCAOJcB3_j1XqXK3TnJaqZrga0d13=taYOVoG9cGG0og5Zf+=l...@mail.gmail.com%3E


