[ https://issues.apache.org/jira/browse/KAFKA-15443?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Swikar Patel resolved KAFKA-15443.
----------------------------------
    Resolution: Fixed

> Upgrade RocksDB dependency
> --------------------------
>
> Key: KAFKA-15443
> URL: https://issues.apache.org/jira/browse/KAFKA-15443
> Project: Kafka
> Issue Type: Task
> Components: streams
> Reporter: Matthias J. Sax
> Assignee: Swikar Patel
> Priority: Blocker
> Fix For: 4.0.0
>
> Attachments: compat_report.html
>
>
> Kafka Streams currently depends on RocksDB 7.9.2.
> However, the latest version of RocksDB is already 8.5.3. We should check the
> RocksDB release notes to see what benefits we get to upgrade to the latest
> version (and file corresponding tickets to exploit improvement of newer
> releases as applicable).
>
> From the duplicate ticket KAFKA-18204:
>
> Kafka still uses rocksdbjni version 7.x (ref:
> [https://github.com/apache/kafka/blob/trunk/gradle/dependencies.gradle#L120])
> which is no longer receiving backports from upstream.
>
> Please update to rocksdb version 9.x (latest version) so that security
> updates are received.
>
> Examples for critical vulnerabilities (CVE score 9.8) in rocksdb version 7.x:
> [https://nvd.nist.gov/vuln/detail/CVE-2023-45853]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-37434]
>
> (updating to the tip of 8.x release fixes these two vulnerabilities but for
> any new security fixes, we will need to move to 9.x)

--
This message was sent by Atlassian Jira
(v8.20.10#820010)