You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@phoenix.apache.org by "Andrew Kyle Purtell (Jira)" <ji...@apache.org> on 2023/03/14 17:06:00 UTC

[jira] [Created] (PHOENIX-6906) [phoenix-connectors] Upgrade kafka-client version used for phoenix-kafka due to CVE issues

Andrew Kyle Purtell created PHOENIX-6906:
--------------------------------------------

             Summary: [phoenix-connectors] Upgrade kafka-client version used for phoenix-kafka due to CVE issues
                 Key: PHOENIX-6906
                 URL: https://issues.apache.org/jira/browse/PHOENIX-6906
             Project: Phoenix
          Issue Type: Bug
          Components: kafka-connector
            Reporter: Andrew Kyle Purtell


The version of kafka-client used by phoenix-kafka has known CVE issues, refer to https://kafka.apache.org/cve-list . To get past the CVE issues this component should be upgraded to 3.4.0. Unfortunately this represents a major version upgrade and the current PhoenixConsumer and/or its test code must be significantly changed to accomodate it. After tinkering with PhoenixConsumerIT to deal with configuration changes (admin requires bootstrap.servers property) the consumer throws ConcurrentModificationExceptions, indicating the current threading model used by PhoenixConsumer is now no longer correct.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)