You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@kafka.apache.org by cm...@apache.org on 2019/08/02 18:40:09 UTC
[kafka-site] 01/01: Fix missing close tag in cve-list.html
This is an automated email from the ASF dual-hosted git repository.
cmccabe pushed a commit to branch cve2
in repository https://gitbox.apache.org/repos/asf/kafka-site.git
commit 8b24d3fdc3699d9c27579ed7eeb0cae9c5cc9d86
Author: Colin P. Mccabe <cm...@confluent.io>
AuthorDate: Fri Aug 2 11:36:39 2019 -0700
Fix missing close tag in cve-list.html
---
cve-list.html | 1 +
1 file changed, 1 insertion(+)
diff --git a/cve-list.html b/cve-list.html
index a7bb658..5c797df 100644
--- a/cve-list.html
+++ b/cve-list.html
@@ -9,6 +9,7 @@
This page lists all security vulnerabilities fixed in released versions of Apache Kafka.
<h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17196">CVE-2018-17196</a>
+Authenticated clients with Write permission may bypass transaction/idempotent ACL validation</h2>
<p>In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually
craft a Produce request which bypasses transaction/idempotent ACL validation.
Only authenticated clients with Write permission on the respective topics are