Hi,

This is the commit to fix the CVE:
https://github.com/apache/kafka/commit/ae22ec1a0ea005664439c3f45111aa34390ecaa1

2.x upgrades to 3.x include a major version upgrade, so it'll have some compatibility issues. Please check the notable changes for v3.0 here:
https://kafka.apache.org/documentation/#upgrade_300_notable

Thank you.
Luke

On Wed, Mar 29, 2023 at 10:18 PM zjfpla...@hotmail.com <zjfpla...@hotmail.com> wrote:

> Hi,
> Our kafka version is 2.x. I would like to ask everyone, is it
> risky to upgrade to version 3.4.0 in order to fix CVE-2023-25194? Because
> there are already customers using our products.
> Also, I would like to ask you how to fix CVE-2023-25194 on
> version 2.x. I did not find the corresponding commit in the historical
> commits of 3.4.0. Can someone help me find the corresponding commit record?
>
> zjfpla...@hotmail.com