linkedin / cruise-control

Cruise-control is the first of its kind to fully automate the dynamic workload rebalance and self-healing of a Kafka cluster. It provides great value to Kafka users by simplifying the operation of Kafka clusters.
https://github.com/linkedin/cruise-control/tags
BSD 2-Clause "Simplified" License

CVE-2023-34455 - Upgrade Kafka client to 3.5.1 #2055

Open cesaroangelo opened 1 year ago

cesaroangelo commented 1 year ago

Kafka 3.5.1 fixes CVE-2023-34455 - Kafka CLIENTS USING SNAPPY COMPRESSION MAY CAUSE OUT OF MEMORY ERROR ON BROKERS

https://nvd.nist.gov/vuln/detail/CVE-2023-34455
https://kafka.apache.org/cve-list.html

Would it be possible to upgrade the Kafka library to 3.5.1 to fix this CVE?

johnswarbrick-napier commented 1 year ago

Related to: https://github.com/linkedin/cruise-control/issues/2044

cesaroangelo commented 1 year ago

This should be covered by #2057 now