Hi Randall,
Could you please share the JIRA ticket or the fixing commit? It might help
to evaluate the impact better.
Thank you!
Ivan
On Tue, 21 Sept 2021 at 19:37, Randall Hauch wrote:
> Severity: moderate
>
> Description:
>
> Some components in Apache Kafka use `Arrays.equals` to validate a
Severity: moderate
Description:
Some components in Apache Kafka use `Arrays.equals` to validate a password or
key, which is vulnerable to timing attacks that make brute force attacks for
such credentials more likely to be successful. Users should upgrade to 2.8.1 or
higher, or 3.0.0 or higher
