Posted to users@kafka.apache.org by Sahil Sharma D <sa...@ericsson.com.INVALID> on 2022/09/09 09:33:03 UTC

KAFKA 3.2.1 Vulnerabilities fix required

Hello team,

We are planning to use Kafka 3.2.1, but our security team finds the following vulnerabilities in this version:

  *   CVE-2022-24823 Medium (Xray and Trivy)
  *   CVE-2022-2047 Low (Xray, Trivy and Anchore Grype)
  *   CVE-2022-2048 High (Anchore Grype)

Kindly share your plan for when these vulnerabilities get fixed.

Regards,
Sahil

Re: KAFKA 3.2.1 Vulnerabilities fix required

Posted by Bruno Cadonna <ca...@apache.org>.
Hi Sahil,

No, I do not have a tentative release date but once the release 
candidate passes the voting it will be released.

Best,
Bruno

On 09.09.22 11:52, Sahil Sharma D wrote:
> Hi Bruno,
> 
> Thanks for your quick response.
> 
> Do you have any tentative release date for 3.3.0?
> 
> Regards,
> Sahil
> 
> 
> -----Original Message-----
> From: Bruno Cadonna <ca...@apache.org>
> Sent: 09 September 2022 03:15 PM
> To: users@kafka.apache.org
> Subject: Re: KAFKA 3.2.1 Vulnerabilities fix required
> 
> Hi Sahil,
> 
> I do not know when the next 3.2 patch release will be out. However, the upcoming 3.3.0 release fixes these vulnerabilities. The release candidate 1 of the 3.3.0 release is currently in the voting phase.
> 
> Best,
> Bruno
> 
> On 09.09.22 11:33, Sahil Sharma D wrote:
>> Hello team,
>>
>> We are planning to use Kafka 3.2.1, but our security team finds the following vulnerabilities in this version:
>>
>>     *   CVE-2022-24823 Medium (Xray and Trivy)
>>     *   CVE-2022-2047 Low (Xray, Trivy and Anchore Grype)
>>     *   CVE-2022-2048 High (Anchore Grype)
>>
>> Kindly share your plan for when these vulnerabilities get fixed.
>>
>> Regards,
>> Sahil
>>

RE: KAFKA 3.2.1 Vulnerabilities fix required

Posted by Sahil Sharma D <sa...@ericsson.com.INVALID>.
Hi Bruno,

Thanks for your quick response.

Do you have any tentative release date for 3.3.0?

Regards,
Sahil


-----Original Message-----
From: Bruno Cadonna <ca...@apache.org> 
Sent: 09 September 2022 03:15 PM
To: users@kafka.apache.org
Subject: Re: KAFKA 3.2.1 Vulnerabilities fix required

Hi Sahil,

I do not know when the next 3.2 patch release will be out. However, the upcoming 3.3.0 release fixes these vulnerabilities. The release candidate 1 of the 3.3.0 release is currently in the voting phase.

Best,
Bruno

On 09.09.22 11:33, Sahil Sharma D wrote:
> Hello team,
> 
> We are planning to use Kafka 3.2.1, but our security team finds the following vulnerabilities in this version:
> 
>    *   CVE-2022-24823 Medium (Xray and Trivy)
>    *   CVE-2022-2047 Low (Xray, Trivy and Anchore Grype)
>    *   CVE-2022-2048 High (Anchore Grype)
> 
> Kindly share your plan for when these vulnerabilities get fixed.
> 
> Regards,
> Sahil
> 

Re: KAFKA 3.2.1 Vulnerabilities fix required

Posted by Bruno Cadonna <ca...@apache.org>.
Hi Sahil,

I do not know when the next 3.2 patch release will be out. However, the 
upcoming 3.3.0 release fixes these vulnerabilities. The release 
candidate 1 of the 3.3.0 release is currently in the voting phase.

Best,
Bruno

On 09.09.22 11:33, Sahil Sharma D wrote:
> Hello team,
> 
> We are planning to use Kafka 3.2.1, but our security team finds the following vulnerabilities in this version:
> 
>    *   CVE-2022-24823 Medium (Xray and Trivy)
>    *   CVE-2022-2047 Low (Xray, Trivy and Anchore Grype)
>    *   CVE-2022-2048 High (Anchore Grype)
> 
> Kindly share your plan for when these vulnerabilities get fixed.
> 
> Regards,
> Sahil
>