[jira] [Created] (KAFKA-19393) Consolidate consumer assignment state views

2025-06-09 Thread Lianet Magrans (Jira)
Lianet Magrans created KAFKA-19393: -- Summary: Consolidate consumer assignment state views Key: KAFKA-19393 URL: https://issues.apache.org/jira/browse/KAFKA-19393 Project: Kafka Issue Type: I

Re: [PR] MINOR: add CVE-2025-27817,CVE-2025-27818,CVE-2025-27819 [kafka-site]

2025-06-09 Thread via GitHub
showuon commented on PR #694: URL: https://github.com/apache/kafka-site/pull/694#issuecomment-2957510154 @chia7712, I pushed a small commit to improve the advice words. Please take a look again. Thanks. -- This is an automated message from the Apache Git Service. To respond to the messag

[jira] [Created] (KAFKA-19395) The version and license information in the `NOTICE-binary` file for `JUnit` are inconsistent/

2025-06-09 Thread Nick Guo (Jira)
Nick Guo created KAFKA-19395: Summary: The version and license information in the `NOTICE-binary` file for `JUnit` are inconsistent/ Key: KAFKA-19395 URL: https://issues.apache.org/jira/browse/KAFKA-19395

[jira] [Created] (KAFKA-19394) Failure in ConsumerNetworkThread.initializeResources() can cause hangs on close

2025-06-09 Thread Kirk True (Jira)
Kirk True created KAFKA-19394: - Summary: Failure in ConsumerNetworkThread.initializeResources() can cause hangs on close Key: KAFKA-19394 URL: https://issues.apache.org/jira/browse/KAFKA-19394 Project: Ka

Jenkins build is still unstable: Kafka » Kafka PowerPC Daily » test-powerpc #324

2025-06-09 Thread Apache Jenkins Server
See

[jira] [Created] (KAFKA-19392) `metadata.log.segment.ms` is not applied

2025-06-09 Thread Chia-Ping Tsai (Jira)
Chia-Ping Tsai created KAFKA-19392: -- Summary: `metadata.log.segment.ms` is not applied Key: KAFKA-19392 URL: https://issues.apache.org/jira/browse/KAFKA-19392 Project: Kafka Issue Type: Bug

Re: [PR] MINOR: add CVE-2025-27817,CVE-2025-27818,CVE-2025-27819 [kafka-site]

2025-06-09 Thread via GitHub
showuon merged PR #694: URL: https://github.com/apache/kafka-site/pull/694

Re: [PR] MINOR: add CVE-2025-27817,CVE-2025-27818,CVE-2025-27819 [kafka-site]

2025-06-09 Thread via GitHub
showuon commented on PR #694: URL: https://github.com/apache/kafka-site/pull/694#issuecomment-2957840927 Merge it first because we want to publish the CVE. We can update the content if needed afterwards.

[jira] [Resolved] (KAFKA-19386) Incorrect ExpirationReaper thread names from DelayedOperationPurgatory

2025-06-09 Thread Apoorv Mittal (Jira)
[ https://issues.apache.org/jira/browse/KAFKA-19386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Apoorv Mittal resolved KAFKA-19386. --- Resolution: Fixed > Incorrect ExpirationReaper thread names from DelayedOperationPurgatory >

CVE-2025-27819: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration

2025-06-09 Thread Luke Chen
Severity: important Affected versions: - Apache Kafka 2.0.0 through 3.3.2 Description: In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Ka

CVE-2025-27818: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration

2025-06-09 Thread Luke Chen
Severity: important Affected versions: - Apache Kafka 2.3.0 through 3.9.0 Description: A possible security vulnerability has been identified in Apache Kafka. This requires access to an alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on

CVE-2025-27817: Apache Kafka Client: Arbitrary file read and SSRF vulnerability

2025-06-09 Thread Luke Chen
Severity: important Affected versions: - Apache Kafka Client 3.1.0 through 3.9.0 Description: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the

[PR] MINOR: add CVE-2025-27817,CVE-2025-27818,CVE-2025-27819 [kafka-site]

2025-06-09 Thread via GitHub
showuon opened a new pull request, #694: URL: https://github.com/apache/kafka-site/pull/694 add CVE-2025-27817,CVE-2025-27818,CVE-2025-27819 after the announcement: CVE-2025-27817: https://lists.apache.org/thread/7v38swjp0sw6qozsv1799qvh9df7fx3r CVE-2025-27818: https://lists.apach

[jira] [Created] (KAFKA-19391) Update the opentelemetry-proto and protobuf

2025-06-09 Thread Chia-Ping Tsai (Jira)
Chia-Ping Tsai created KAFKA-19391: -- Summary: Update the opentelemetry-proto and protobuf Key: KAFKA-19391 URL: https://issues.apache.org/jira/browse/KAFKA-19391 Project: Kafka Issue Type: I