RE: Fix for CVEs

Hi team, There are another vulnerability we detected, can you please share Kafka is planning to fix this vulnerability: CVE-2023-31582 GHSA-jgvc-jfgh-rjvv Regards, Sahil From: Sahil Sharma D Sent: 17 October 2023 02:45 PM To: 'users@kafka.apache.org' Subject: RE: Fix for CVEs Hi Team, There i

Re: Fix for CVEs

Hi Sahil, Regarding CVE-2023-31582 it affects jose4j versions prior to 0.9.3 (not included). Apache Kafka has been using jose4j version 0.9.3 for a while now, it was introduced in this commit[1] on May 13. Since Kafka 3.4.1 all versions have been shipped with jose4j 0.9.3. Please note that NVE's C

[ANNOUNCE] Apache Kafka 3.6.1

The Apache Kafka community is pleased to announce the release for Apache Kafka 3.6.1 This is a bug fix release and it includes fixes and improvements from 30 JIRAs. All of the changes in this release can be found in the release notes: https://www.apache.org/dist/kafka/3.6.1/RELEASE_NOTES.html Yo

MirrorMaker2 and source value deserialization

Hello every one, I'm using MM2 to replicate topics from one cluster to an other (ok, nothing strange for now), BUT... I also would like to deserialize message from source to destination (only value of topic). I have something like (replication.factor=1 because it is a POC): = mm2.properti

Issue with "connections.max.idle.ms" property defined for admin client config in apache kafka version 3.3.1

Hi Team, We are using Apache Kafka 3.3.1 in our application. Scenario - 1 --> We have created an Kafka admin client from our java application and have not configured the property "connections.max.idle.ms" so its default value which is 5 minutes is used. In the above scenario we see a port bein