linkedin / cruise-control

Cruise-control is the first of its kind to fully automate the dynamic workload rebalance and self-healing of a Kafka cluster. It provides great value to Kafka users by simplifying the operation of Kafka clusters.
https://github.com/linkedin/cruise-control/tags
BSD 2-Clause "Simplified" License
2.77k stars, 595 forks

Upgrade simplekdc to 2.0.3 #2179

Closed yasiribmcon closed 3 months ago

yasiribmcon commented 3 months ago

Upgrading simplekdc version to "2.0.3", which supports a change that can correctly use security classes based on what version of IBM Semeru JDK (if applicable) is being used.

There is no regression observed using Semeru, OpenJDK and Temurin JDKs.

This PR resolves #2178.

mhratson commented 3 months ago

Looks like one of the deps is flagged for vulnerabilities, so we can't accept this version bump. Maybe a newer version can succeed…

org.jboss.xnio:xnio-api:3.8.8.Final
Notes: Vulnerability found and is blocked by oss-canary: vulnerability: A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS). Version 3.8.14.Final is expected to contain a fix. remediation: Upgrade org.jboss.xnio:xnio-api from 3.8.8.Final to 3.8.14