Compatibility with jdk 21

Hi team, Which version of Kafka is compatible with jdk 21 or is there any computability matric I can refer for this info? Regards Sahil

RE: Release plan required

tware Engineer I E-mail: Personal | Official On Mon, May 20, 2024 at 1:31 PM Sahil Sharma D wrote: > Hi team, > > We need the Kafka release plan for our Kafka upgrade planning, kindly > share the latest Release Plan or when is the next release is planned > and which version? > > Regards, > Sahil >

Release plan required

Hi team, We need the Kafka release plan for our Kafka upgrade planning, kindly share the latest Release Plan or when is the next release is planned and which version? Regards, Sahil

RE: Fix for CVEs

23334-501d5122-313273af-45444731-20812dac4e721e52&q=1&e=cf912bd9-c285-46b5-8dd3-1128f357b943&u=https%3A%2F%2Fbitbucket.org%2Fb_c%2Fjose4j%2Fwiki%2FRelease%2520Notes On Thu, Dec 7, 2023 at 10:00 AM Sahil Sharma D wrote: > Hi team, > > There are another vulnerability we detect

EOS date for Kafka 3.5.1

Hi team, Can you please share the EOS date for Kafka Version 3.5.1? Regards, Sahil

Compatibility with java 11 and java 178

Hi Team, Is Kafka 3.6.1 is compatible with java 17? Regards, Sahil

RE: Fix for CVEs

Hi team, There are another vulnerability we detected, can you please share Kafka is planning to fix this vulnerability: CVE-2023-31582 GHSA-jgvc-jfgh-rjvv Regards, Sahil From: Sahil Sharma D Sent: 17 October 2023 02:45 PM To: 'users@kafka.apache.org' Subject: RE: Fix for CVEs Hi Te

RE: Fix for CVEs

Hi Team, There is another vulnerability we detected CVE-2023-4586, can you please share Kafka is planning to fix this vulnerability and CVEs mentioned in mail trail Regards, Sahil From: Sahil Sharma D Sent: 14 September 2023 05:51 PM To: 'users@kafka.apache.org' Subject: Fix for CVE

Fix for CVEs

Hi Team, As suggested earlier I tried to reach "secur...@apache.org" , this address is meant for coordinating still-undisclosed potential vulnerabilities only. Can you please share the release plan for below mentioned CVEs: CVE-2023-34454 CVE-2023-34453 CVE-2022-4

Impact and fix of CVE-2023-34462 and CVE-2023-35116

Hi team, We have found below vulnerabilities in Kafka Version 3.3.1. * CVE-2023-34462(on 3PP Netty) * CVE-2023-35116: (on Jackson databind) Can you please share the mitigation plan and impact of these CVEs. Regards, Sahil

RE: Release plan required for version 3.5.1

required for version 3.5.1 Hi Sahil, Apache Kafka 3.5.1 is already released: https://kafka.apache.org/downloads On Wed, Jul 26, 2023 at 9:08 AM Sahil Sharma D wrote: > Gentle reminder-2 > > -Original Message- > From: Sahil Sharma D > Sent: 12 July 2023 09:51

RE: Release plan required for version 3.5.1

Gentle reminder-2 -Original Message- From: Sahil Sharma D Sent: 12 July 2023 09:51 AM To: users@kafka.apache.org Subject: RE: Release plan required for version 3.5.1 Gentle reminder! -Original Message- From: Sahil Sharma D Sent: 03 July 2023 04:39 PM To: users@kafka.apache.org

RE: Release plan required for version 3.5.1

Gentle reminder! -Original Message- From: Sahil Sharma D Sent: 03 July 2023 04:39 PM To: users@kafka.apache.org Subject: RE: Release plan required for version 3.5.1 Hi, That means below vulnerabilities are not appliable for kafka, right? CVE-2022-42003 CVE-2022-42004 CVE-2023-34454 CVE

RE: Release plan required for version 3.5.1

or new versions are created. Best, On Mon, Jul 3, 2023 at 9:46 AM Sahil Sharma D wrote: > Gentle reminder! > > From: Sahil Sharma D > Sent: 26 June 2023 08:18 PM > To: users@kafka.apache.org > Subject: Release plan required for version 3.5.1 > Importance: High > > H

RE: Release plan required for version 3.5.1

Gentle reminder! From: Sahil Sharma D Sent: 26 June 2023 08:18 PM To: users@kafka.apache.org Subject: Release plan required for version 3.5.1 Importance: High Hi Team, There is an vulnerability on snappy-java-1.1.8.4.jar, are we impacted due to this if we are using only client jar and kafka

Release plan required for version 3.5.1

Hi Team, There is an vulnerability on snappy-java-1.1.8.4.jar, are we impacted due to this if we are using only client jar and kafka server. Below are the vulnerabilities that still open and we unable to find any detail of these CVEs on jira. In which version these CVEs are planned to be resolv

required dependent jars on kafka-clients-3.3.1.jar

Hi Team, We are using Kafka 3.3.1 in our product, there are multiple jars bundled in it. We are using only kafka-clients-3.3.1.jar out of those jars. Can you please help us in identifying the jars which are being used by kafka-clients-3.3.1.jar. Appreciate your earliest response. Regards, Sah

RE: CVEs related to Kafka

ache.org/jira/browse/KAFKA-14320 https://issues.apache.org/jira/browse/KAFKA-14107 https://issues.apache.org/jira/browse/KAFKA-14256 Maybe you can try to search the JIRA first next time. :) Thank you. Luke On Wed, May 10, 2023 at 12:33 PM Sahil Sharma D wrote: > Hi team, > > By when w

RE: CVEs related to Kafka

/KAFKA-14320 https://issues.apache.org/jira/browse/KAFKA-14107 https://issues.apache.org/jira/browse/KAFKA-14256 Maybe you can try to search the JIRA first next time. :) Thank you. Luke On Wed, May 10, 2023 at 12:33 PM Sahil Sharma D wrote: > Hi team, > > By when we can expect reply reg

RE: CVEs related to Kafka

quickly. From: Sahil Sharma D Date: Tuesday, May 9, 2023 at 12:40 PM To: users@kafka.apache.org Subject: [EXTERNAL] RE: CVEs related to Kafka Gentle reminder-2 ! -Original Message- From: Sahil Sharma D Sent: 03 May 2023 04:34 PM To: users@kafka.apache.org Subject: RE: CVEs related to

RE: CVEs related to Kafka

Gentle reminder-2 ! -Original Message- From: Sahil Sharma D Sent: 03 May 2023 04:34 PM To: users@kafka.apache.org Subject: RE: CVEs related to Kafka Gentle reminder! From: Sahil Sharma D Sent: 03 May 2023 08:57 AM To: 'users@kafka.apache.org' Subject: RE: CVEs relate

RE: CVEs related to Kafka

Gentle reminder! From: Sahil Sharma D Sent: 03 May 2023 08:57 AM To: 'users@kafka.apache.org' Subject: RE: CVEs related to Kafka Importance: High Hi Team, We have found few more Vulnerabilities on Kafka, below are the list: CVE-2022-36944<https://nvd.nist.gov/vuln/detail/CVE-2022

RE: CVEs related to Kafka

irm about the mitigation plan and impact of these CVEs. Regards, Sahil From: Sahil Sharma D Sent: 02 May 2023 02:16 PM To: users@kafka.apache.org Subject: CVEs related to Kafka Importance: High Hi team, We have got below two vulnerabilities on Kafka 3PP. CVE-2022-42003<https://nvd.nist.gov/vuln

CVEs related to Kafka

Hi team, We have got below two vulnerabilities on Kafka 3PP. CVE-2022-42003 In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array n

Release plan for kafka-python

Hi team, As per understanding its last release was released in 2020, after that there is no release. We are planning to use v2.0.2, if we face any issue in this version will it fixed in any upcoming release or what should be the workaround. Can you please share the release plan for kafka-python

RE: KAFKA 3.2.1 Vulnerabilities fix required

know when the next 3.2 patch release will be out. However, the upcoming 3.3.0 release fixes these vulnerabilities. The release candidate 1 of the 3.3.0 release is currently in the voting phase. Best, Bruno On 09.09.22 11:33, Sahil Sharma D wrote: > Hello team, > > We are planning to

KAFKA 3.2.1 Vulnerabilities fix required

Hello team, We are planning to use Kafka 3.2.1 but our security team finds below Vulnerabilities in this version: * CVE-2022-24823 Medium (Xray and Trivy) * CVE-2022-2047 Low (Xray, Trivy and Anchor Grype) * CVE-2022-2048 High (Anchor Grype) Kindly share your plan when these Vulner