Hi Randall,
Could you please share the JIRA ticket or the fixing commit? It might help
to evaluate the impact better.
Thank you!
Ivan
On Tue, 21 Sept 2021 at 19:37, Randall Hauch wrote:
> Severity: moderate
>
> Description:
>
> Some components in Apache Kafka use `Arrays.equals` to validate a
Severity: moderate
Description:
Some components in Apache Kafka use `Arrays.equals` to validate a password or
key, which is vulnerable to timing attacks that make brute force attacks for
such credentials more likely to be successful. Users should upgrade to 2.8.1 or
higher, or 3.0.0 or higher.
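
The comparison pattern the advisory describes, next to a constant-time alternative, as an added example that is not taken from the advisory or from the Kafka code base. The class, the method names and the sample key are constructed for illustration; `MessageDigest.isEqual` is shown as the standard JDK constant-time comparison, not as the change Kafka shipped.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class ConstantTimeCompare {
    // Mirrors the early-exit behaviour of Arrays.equals and returns how many
    // byte positions were examined before the comparison stopped.
    static int bytesExaminedEarlyExit(byte[] expected, byte[] supplied) {
        if (expected.length != supplied.length) return 0; // length mismatch exits first
        int examined = 0;
        for (int i = 0; i < expected.length; i++) {
            examined++;
            if (expected[i] != supplied[i]) break; // work done depends on the secret
        }
        return examined;
    }

    // Weak: running time tracks the length of the matching prefix.
    static boolean checkWeak(byte[] expected, byte[] supplied) {
        return Arrays.equals(expected, supplied);
    }

    // Hardened: MessageDigest.isEqual does not stop at the first mismatching
    // byte, so the position of the mismatch is not reflected in the timing.
    static boolean checkHardened(byte[] expected, byte[] supplied) {
        return MessageDigest.isEqual(expected, supplied);
    }

    public static void main(String[] args) {
        // Constructed sample secret and inputs, all the same length.
        byte[] expected = "s3cr3t-key-0001".getBytes(StandardCharsets.UTF_8);
        String[] inputs = {
            "xxxxxxxxxxxxxxx", "s3cxxxxxxxxxxxx", "s3cr3t-key-0002", "s3cr3t-key-0001"
        };
        for (String in : inputs) {
            byte[] supplied = in.getBytes(StandardCharsets.UTF_8);
            System.out.printf("%-16s examined=%2d weak=%b hardened=%b%n",
                    in, bytesExaminedEarlyExit(expected, supplied),
                    checkWeak(expected, supplied), checkHardened(expected, supplied));
        }
    }
}
```

Both checks return the same boolean for every input; only the `examined` column, which stands in for the work an early-exit comparison performs, changes with how much of the input matches the secret.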
The Apache Kafka community is pleased to announce the release for Apache
Kafka 3.0.0.
It is a major release that includes many new features, including:
* The deprecation of support for Java 8 and Scala 2.12.
* Kafka Raft support for snapshots of the metadata topic and other
improvements in the sel