[jira] [Created] (KAFKA-19393) Consolidate consumer assignment state views

Lianet Magrans created KAFKA-19393: -- Summary: Consolidate consumer assignment state views Key: KAFKA-19393 URL: https://issues.apache.org/jira/browse/KAFKA-19393 Project: Kafka Issue Type: I

Re: [PR] MINOR: add CVE-2025-27817,CVE-2025-27818,CVE-2025-27819 [kafka-site]

showuon commented on PR #694: URL: https://github.com/apache/kafka-site/pull/694#issuecomment-2957510154 @chia7712 , I pushed a small commit to improve the advise words. Please take a look again. Thanks. -- This is an automated message from the Apache Git Service. To respond to the messag

[jira] [Created] (KAFKA-19395) The version and license information in the `NOTICE-binary` file for `JUnit` are inconsistent/

Nick Guo created KAFKA-19395: Summary: The version and license information in the `NOTICE-binary` file for `JUnit` are inconsistent/ Key: KAFKA-19395 URL: https://issues.apache.org/jira/browse/KAFKA-19395

[jira] [Created] (KAFKA-19394) Failure in ConsumerNetworkThread.initializeResources() can cause hangs on close

Kirk True created KAFKA-19394: - Summary: Failure in ConsumerNetworkThread.initializeResources() can cause hangs on close Key: KAFKA-19394 URL: https://issues.apache.org/jira/browse/KAFKA-19394 Project: Ka

Jenkins build is still unstable: Kafka » Kafka PowerPC Daily » test-powerpc #324

See

[jira] [Created] (KAFKA-19392) `metadata.log.segment.ms` is not applied

Chia-Ping Tsai created KAFKA-19392: -- Summary: `metadata.log.segment.ms` is not applied Key: KAFKA-19392 URL: https://issues.apache.org/jira/browse/KAFKA-19392 Project: Kafka Issue Type: Bug

Re: [PR] MINOR: add CVE-2025-27817,CVE-2025-27818,CVE-2025-27819 [kafka-site]

showuon merged PR #694: URL: https://github.com/apache/kafka-site/pull/694 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@kafka.apache.

Re: [PR] MINOR: add CVE-2025-27817,CVE-2025-27818,CVE-2025-27819 [kafka-site]

showuon commented on PR #694: URL: https://github.com/apache/kafka-site/pull/694#issuecomment-2957840927 Merge it first because we want to publish the CVE. We can update the content if needed afterwards. -- This is an automated message from the Apache Git Service. To respond to the messag

[jira] [Resolved] (KAFKA-19386) Incorrect ExpirationReaper thread names from DelayedOperationPurgatory

[ https://issues.apache.org/jira/browse/KAFKA-19386?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Apoorv Mittal resolved KAFKA-19386. --- Resolution: Fixed > Incorrect ExpirationReaper thread names from DelayedOperationPurgatory >

CVE-2025-27819: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration

Severity: important Affected versions: - Apache Kafka 2.0.0 through 3.3.2 Description: In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Ka

CVE-2025-27818: Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration

Severity: important Affected versions: - Apache Kafka 2.3.0 through 3.9.0 Description: A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on

CVE-2025-27817: Apache Kafka Client: Arbitrary file read and SSRF vulnerability

Severity: important Affected versions: - Apache Kafka Client 3.1.0 through 3.9.0 Description: A possible arbitrary file read and SSRF vulnerability has been identified in Apache Kafka Client. Apache Kafka Clients accept configuration data for setting the SASL/OAUTHBEARER connection with the

[PR] MINOR: add CVE-2025-27817,CVE-2025-27818,CVE-2025-27819 [kafka-site]

showuon opened a new pull request, #694: URL: https://github.com/apache/kafka-site/pull/694 add CVE-2025-27817,CVE-2025-27818,CVE-2025-27819 after the announcement: CVE-2025-27817: https://lists.apache.org/thread/7v38swjp0sw6qozsv1799qvh9df7fx3r CVE-2025-27818: https://lists.apach

[jira] [Created] (KAFKA-19391) Update the opentelemetry-proto and protobuf

Chia-Ping Tsai created KAFKA-19391: -- Summary: Update the opentelemetry-proto and protobuf Key: KAFKA-19391 URL: https://issues.apache.org/jira/browse/KAFKA-19391 Project: Kafka Issue Type: I