You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@phoenix.apache.org by "Istvan Toth (Jira)" <ji...@apache.org> on 2023/05/05 05:59:00 UTC

[jira] [Resolved] (PHOENIX-6906) [phoenix-connectors] Upgrade kafka-client version used for phoenix-kafka due to CVE issues

     [ https://issues.apache.org/jira/browse/PHOENIX-6906?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Istvan Toth resolved PHOENIX-6906.
----------------------------------
    Resolution: Won't Fix

We have discussed this on the mailing list, and decided to drop the Kafka connector due to lack of maintainers (and known users).

> [phoenix-connectors] Upgrade kafka-client version used for phoenix-kafka due to CVE issues
> ------------------------------------------------------------------------------------------
>
>                 Key: PHOENIX-6906
>                 URL: https://issues.apache.org/jira/browse/PHOENIX-6906
>             Project: Phoenix
>          Issue Type: Bug
>          Components: kafka-connector
>            Reporter: Andrew Kyle Purtell
>            Priority: Major
>
> The version of kafka-client used by phoenix-kafka has known CVE issues, refer to https://kafka.apache.org/cve-list . To get past the CVE issues this component should be upgraded to 3.4.0. Unfortunately this represents a major version upgrade and the current PhoenixConsumer and/or its test code must be significantly changed to accomodate it. After tinkering with PhoenixConsumerIT to deal with configuration changes (admin requires bootstrap.servers property) the consumer throws ConcurrentModificationExceptions, indicating the current threading model used by PhoenixConsumer is now no longer correct.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)