Posted to dev@kafka.apache.org by Andrew Pomponio <AP...@perforce.com> on 2022/11/10 15:29:53 UTC

Jackson CVE's in Mirror Maker 2.13-2.8.2

Hello Kafka Developers,

I was wondering if there are any plans to backport fixes for certain CVEs found in Mirror Maker 2.13-2.8.2. Scans of the code found the following unpatched CVEs:


  *   CVE-2022-42004
  *   CVE-2022-42003
  *   CVE-2020-36518

It’s my understanding that there’s going to be a hotfix coming out for 2.13-2.8.2 and I was wondering if those CVEs will be addressed. Any information is greatly appreciated. Thanks!



Andrew Pomponio | Associate Enterprise Architect, OpenLogic
Perforce Software


Re: Jackson CVE's in Mirror Maker 2.13-2.8.2

Posted by Luke Chen <sh...@gmail.com>.
Hi Andrew,

The Kafka community will only do bug fix releases for the last 3 releases, based on
the wiki. So, there will be no newer 2.8 patch release.
https://cwiki.apache.org/confluence/display/KAFKA/Time+Based+Release+Plan#TimeBasedReleasePlan-WhatIsOurEOLPolicy?

Thank you.
Luke

On Thu, Nov 10, 2022 at 11:30 PM Andrew Pomponio <AP...@perforce.com>
wrote:

> Hello Kafka Developers,
>
> I was wondering if there are any plans to backport fixes for certain
> CVEs found in Mirror Maker 2.13-2.8.2. Scans of the code found the
> following unpatched CVEs:
>
>
>   *   CVE-2022-42004
>   *   CVE-2022-42003
>   *   CVE-2020-36518
>
> It’s my understanding that there’s going to be a hotfix coming out for
> 2.13-2.8.2 and I was wondering if those CVEs will be addressed. Any
> information is greatly appreciated. Thanks!