RE: CVEs related to Kafka

Hi Team, We have found few more Vulnerabilities on Kafka, below are the list: CVE-2022-36944 Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with

Re: MM2 -- failed to copy old data

Thanks Greg. That seems the cause -- this is the default settings from MSK On 5/2/23, 1:23 PM, "Greg Harris" mailto:greg.har...@aiven.io.inva>LID> wrote: WARNING: Do not click links or open attachments unless you recognize the source of the email and know the contents are safe. ***

Re: MM2 -- failed to copy old data

Andrew, The broker appears to be rejecting the timestamp of the replicated record, which is the same as the source record timestamp in MM2. I think you will need to relax the timestamp validation, which is controlled by these configurations: https://kafka.apache.org/documentation/#topicconfigs_me

MM2 -- failed to copy old data

Hi: When I am running MM2 (3.4.0), any message older than 1 days are not copying, the topic has retention period as 5 days. Got error: org.apache.kafka.common.errors.InvalidTimestampException: Timestamp 1682664968019 of message with offset 0 is out of range. The timestamp should be within [1682

CVEs related to Kafka

Hi team, We have got below two vulnerabilities on Kafka 3PP. CVE-2022-42003 In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array n