Subject: About CVE-2023-25194
Hi,
Our Kafka version is 2.x. I would like to ask everyone, is it risky
to upgrade to version 3.4.0 in order to fix CVE-2023-25194? Because there are
already customers
Hi,
This is the commit to fix the CVE:
https://github.com/apache/kafka/commit/ae22ec1a0ea005664439c3f45111aa34390ecaa1
Upgrading from 2.x to 3.x includes a major version upgrade, so it'll have some
compatibility issues.
Please check the notable changes for v3.0 here:
https://kafka.apache.org/documentati