You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@phoenix.apache.org by "Andrew Kyle Purtell (Jira)" <ji...@apache.org> on 2023/03/14 17:06:00 UTC
[jira] [Created] (PHOENIX-6906) [phoenix-connectors] Upgrade kafka-client version used for phoenix-kafka due to CVE issues
Andrew Kyle Purtell created PHOENIX-6906:
--------------------------------------------
Summary: [phoenix-connectors] Upgrade kafka-client version used for phoenix-kafka due to CVE issues
Key: PHOENIX-6906
URL: https://issues.apache.org/jira/browse/PHOENIX-6906
Project: Phoenix
Issue Type: Bug
Components: kafka-connector
Reporter: Andrew Kyle Purtell
The version of kafka-client used by phoenix-kafka has known CVE issues, refer to https://kafka.apache.org/cve-list . To get past the CVE issues this component should be upgraded to 3.4.0. Unfortunately this represents a major version upgrade and the current PhoenixConsumer and/or its test code must be significantly changed to accomodate it. After tinkering with PhoenixConsumerIT to deal with configuration changes (admin requires bootstrap.servers property) the consumer throws ConcurrentModificationExceptions, indicating the current threading model used by PhoenixConsumer is now no longer correct.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)