Hi Sahil,
we value that you raise security issues. However, since this is a
sensitive area there are guidelines to follow as François pointed out.
Additionally to what François said, I would like to remind you again (as
I did in https://kafka.apache.org/project-security) to follow the
Kafka-specific instructions published at
https://kafka.apache.org/project-security
if you find a security issue.
Thanks for your interest in Apache Kafka.
Best,
Bruno
On 8/7/23 10:04 AM, fpapon wrote:
Hi,
Security threads should not be discussed on user/dev mailing list,
please use dedicated security mailing list:
https://www.apache.org/security/
Regards,
François
On 07/08/2023 06:11, Sahil Sharma D wrote:
Hi team,
We have found below vulnerabilities in Kafka Version 3.3.1.
* CVE-2023-34462(on 3PP Netty)
* CVE-2023-35116: (on Jackson databind)
Can you please share the mitigation plan and impact of these CVEs.
Regards,
Sahil
