Radha Krishna Peteti created KAFKA-18204:
--------------------------------------------

             Summary: Upgrade to rocksdb 8.x+ (ideally 9.x)
                 Key: KAFKA-18204
                 URL: https://issues.apache.org/jira/browse/KAFKA-18204
             Project: Kafka
          Issue Type: Bug
            Reporter: Radha Krishna Peteti


Kafka still uses rocksdbjni version 7.x (ref: 
[https://github.com/apache/kafka/blob/trunk/gradle/dependencies.gradle#L120]) 
which is no longer receiving backports from upstream.
Please update to rocksdb version 9.x (latest version) so that security updates 
are received.

Examples of critical vulnerabilities (CVE score 9.8) in rocksdb version 7.x:
[https://nvd.nist.gov/vuln/detail/CVE-2023-45853]
[https://nvd.nist.gov/vuln/detail/CVE-2022-37434]

(Updating to the tip of the 8.x release fixes these two vulnerabilities, but for any 
new security fixes, we will need to move to 9.x.)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
