Posted to users@kafka.apache.org by Sahil Sharma D <sa...@ericsson.com.INVALID> on 2022/09/09 09:33:03 UTC
KAFKA 3.2.1 Vulnerabilities fix required
Hello team,
We are planning to use Kafka 3.2.1, but our security team finds the vulnerabilities below in this version:
* CVE-2022-24823 Medium (Xray and Trivy)
* CVE-2022-2047 Low (Xray, Trivy and Anchore Grype)
* CVE-2022-2048 High (Anchore Grype)
Kindly share your plan for when these vulnerabilities get fixed.
Regards,
Sahil
Re: KAFKA 3.2.1 Vulnerabilities fix required
Posted by Bruno Cadonna <ca...@apache.org>.
Hi Sahil,
No, I do not have a tentative release date but once the release
candidate passes the voting it will be released.
Best,
Bruno
On 09.09.22 11:52, Sahil Sharma D wrote:
> Hi Bruno,
>
> Thanks for your quick response.
>
> Do you have any tentative release date for 3.3.0?
>
> Regards,
> Sahil
>
>
> -----Original Message-----
> From: Bruno Cadonna <ca...@apache.org>
> Sent: 09 September 2022 03:15 PM
> To: users@kafka.apache.org
> Subject: Re: KAFKA 3.2.1 Vulnerabilities fix required
>
> Hi Sahil,
>
> I do not know when the next 3.2 patch release will be out. However, the upcoming 3.3.0 release fixes these vulnerabilities. The release candidate 1 of the 3.3.0 release is currently in the voting phase.
>
> Best,
> Bruno
>
> On 09.09.22 11:33, Sahil Sharma D wrote:
>> Hello team,
>>
>> We are planning to use Kafka 3.2.1, but our security team finds the vulnerabilities below in this version:
>>
>>
>> * CVE-2022-24823 Medium (Xray and Trivy)
>> * CVE-2022-2047 Low (Xray, Trivy and Anchore Grype)
>> * CVE-2022-2048 High (Anchore Grype)
>>
>> Kindly share your plan for when these vulnerabilities get fixed.
>>
>> Regards,
>> Sahil
>>
RE: KAFKA 3.2.1 Vulnerabilities fix required
Posted by Sahil Sharma D <sa...@ericsson.com.INVALID>.
Hi Bruno,
Thanks for your quick response.
Do you have any tentative release date for 3.3.0?
Regards,
Sahil
-----Original Message-----
From: Bruno Cadonna <ca...@apache.org>
Sent: 09 September 2022 03:15 PM
To: users@kafka.apache.org
Subject: Re: KAFKA 3.2.1 Vulnerabilities fix required
Hi Sahil,
I do not know when the next 3.2 patch release will be out. However, the upcoming 3.3.0 release fixes these vulnerabilities. The release candidate 1 of the 3.3.0 release is currently in the voting phase.
Best,
Bruno
On 09.09.22 11:33, Sahil Sharma D wrote:
> Hello team,
>
> We are planning to use Kafka 3.2.1, but our security team finds the vulnerabilities below in this version:
>
>
> * CVE-2022-24823 Medium (Xray and Trivy)
> * CVE-2022-2047 Low (Xray, Trivy and Anchore Grype)
> * CVE-2022-2048 High (Anchore Grype)
>
> Kindly share your plan for when these vulnerabilities get fixed.
>
> Regards,
> Sahil
>
Re: KAFKA 3.2.1 Vulnerabilities fix required
Posted by Bruno Cadonna <ca...@apache.org>.
Hi Sahil,
I do not know when the next 3.2 patch release will be out. However, the
upcoming 3.3.0 release fixes these vulnerabilities. The release
candidate 1 of the 3.3.0 release is currently in the voting phase.
Best,
Bruno
On 09.09.22 11:33, Sahil Sharma D wrote:
> Hello team,
>
> We are planning to use Kafka 3.2.1, but our security team finds the vulnerabilities below in this version:
>
>
> * CVE-2022-24823 Medium (Xray and Trivy)
> * CVE-2022-2047 Low (Xray, Trivy and Anchore Grype)
> * CVE-2022-2048 High (Anchore Grype)
>
> Kindly share your plan for when these vulnerabilities get fixed.
>
> Regards,
> Sahil
>