When will the latest sec vulnerability be fixed in Smallrye Reactive Messaging? #31119
Replies: 2 comments 4 replies
-
|
/cc @Ladicek (smallrye), @cescoffier (reactive-messaging), @jmartisk (smallrye), @ozangunalp (reactive-messaging), @phillip-kruger (smallrye), @radcortez (smallrye) |
Beta Was this translation helpful? Give feedback.
-
|
The issue is only for Kafka Connect, not the Kafka client. |
Beta Was this translation helpful? Give feedback.
-
|
This CVE specifically involves the Kafka Connect API, so AFAIU it isn't relevant for |
Beta Was this translation helpful? Give feedback.
-
|
In addition, the update to 3.4.0 is in progress (targeting Quarkus 3.x at the moment) |
Beta Was this translation helpful? Give feedback.
-
|
I think the remediation proposed with Kafka 3.4.0 with the |
Beta Was this translation helpful? Give feedback.
-
|
Ah... in that case, the update of the client won't help :-D |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi there,
There's a security vulnerability in the Apache Kafka client version using in the quarkus-smallrye-reactive-messaging-kafka dependency. It's the Apache Kafka versions below 3.2. Does anyone know when this will be fixed in Quarkus?
It's this one: CVE-2023-25194
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions