Upgrade Kafka to address snappy-java vulnerabilities (CVE-2023-43642, CVE-2023-34455, ...) #2445

Merged: 2 commits, Jul 17, 2024

Conversation

martinweiler (Contributor)

This upgrade to Kafka 3.6.0 will result in an update of the snappy-java dependency to 1.1.10.4 to address the following vulnerabilities:

https://nvd.nist.gov/vuln/detail/CVE-2023-34453
https://nvd.nist.gov/vuln/detail/CVE-2023-34454
https://nvd.nist.gov/vuln/detail/CVE-2023-34455
https://nvd.nist.gov/vuln/detail/CVE-2023-43642
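As an added example (not code from this PR or the kiegroup project): snappy-java is a transitive dependency pulled in through kafka-clients, so the useful check after a bump like this one is which snappy-java version the build actually resolves, not which Kafka version the pom declares. The Python script below reads the output of `mvn dependency:tree` (a constructed sample here; the application coordinates and the other versions are illustrative assumptions) and flags every snappy-java occurrence below 1.1.10.4, the version the PR description names as addressing the listed CVEs. It compares versions numerically, because a plain string comparison puts "1.1.8.4" above "1.1.10.4" and would report an outdated jar as fixed.

```python
import re
from typing import List, Tuple

# Constructed sample of `mvn dependency:tree` output; the application and the
# other coordinates/versions are illustrative and not taken from the PR.
SAMPLE_TREE = """\
[INFO] org.example:kafka-consumer-app:jar:1.0.0
[INFO] +- org.apache.kafka:kafka-clients:jar:3.4.0:compile
[INFO] |  +- org.xerial.snappy:snappy-java:jar:1.1.8.4:compile
[INFO] |  \\- org.lz4:lz4-java:jar:1.8.0:compile
[INFO] \\- org.slf4j:slf4j-api:jar:1.7.36:compile
"""

# snappy-java version the PR description names as resolving the listed CVEs.
FIXED_SNAPPY_VERSION = "1.1.10.4"

# groupId:artifactId:jar:version:scope as printed by the Maven dependency plugin.
# The root artifact has no scope suffix, so it is deliberately not matched.
DEP_RE = re.compile(r"([\w.\-]+):([\w.\-]+):jar:([\w.\-]+):(\w+)")


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric tuple for ordering. Plain string comparison is wrong here:
    "1.1.8.4" > "1.1.10.4" lexically, which would hide an outdated jar.
    Non-numeric qualifiers (e.g. -SNAPSHOT) are ignored."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_at_least(version: str, minimum: str) -> bool:
    """True when `version` is equal to or newer than `minimum`."""
    return version_key(version) >= version_key(minimum)


def parse_dependency_tree(text: str) -> List[Tuple[str, str, str, str]]:
    """Return (groupId, artifactId, version, scope) for each resolved dependency."""
    deps = []
    for line in text.splitlines():
        match = DEP_RE.search(line)
        if match:
            deps.append(match.groups())
    return deps


def find_outdated(text: str, group: str, artifact: str, minimum: str) -> List[Tuple[str, str]]:
    """List (version, scope) of every occurrence of group:artifact below `minimum`."""
    return [
        (version, scope)
        for g, a, version, scope in parse_dependency_tree(text)
        if g == group and a == artifact and not is_at_least(version, minimum)
    ]


if __name__ == "__main__":
    hits = find_outdated(SAMPLE_TREE, "org.xerial.snappy", "snappy-java", FIXED_SNAPPY_VERSION)
    for version, scope in hits:
        print(f"snappy-java {version} ({scope}) is below {FIXED_SNAPPY_VERSION}")
```

In a real build, run `mvn dependency:tree` on the module and feed its output to `find_outdated` instead of the sample; an empty result means every resolved snappy-java is at or above the fixed version, which is the property this upgrade is meant to establish (and worth re-checking on the backport branch the label above targets).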

@elguardian (Member)

Jenkins run fdb

@elguardian elguardian self-requested a review April 9, 2024 07:26
@elguardian (Member)

@martinweiler let's wait for the fdb.

@akumar074 akumar074 added the backport-7.67.x-blue Generate backport PR for 7.67.x-blue branch label Jul 11, 2024
@akumar074 (Member)

jenkins do fdb

@akumar074 (Member)

Jenkins do fdb

@akumar074 (Member)

Jenkins run fdb

@elguardian (Member) left a review comment

LGTM

@elguardian elguardian requested a review from gmunozfe July 15, 2024 07:13
@elguardian (Member)

@gmunozfe have a look and merge whenever possible.

@mareknovotny (Member)

@martinweiler @elguardian @gmunozfe there are test failures

  • org.jbpm.workitem.springboot.samples.KafkaProxyAsyncSampleTest
  • org.jbpm.workitem.springboot.samples.KafkaProxySampleTest

related to this upgrade. See:

    Doesn't know the specified Kafka version: 3.6.0. The supported Kafka versions are: [2.8.1, 3.0.0, 3.1.0]

@mareknovotny (Member) left a review comment

This version also requires fixing the Kafka tests so that they know this version.

@martinweiler (Contributor, Author)

Thank you @mareknovotny - good catch. I have updated Kafka / Strimzi now to be aligned.

@mareknovotny (Member)

jenkins do fdb

@mareknovotny mareknovotny self-requested a review July 17, 2024 14:13
@mareknovotny mareknovotny merged commit 627f318 into kiegroup:main Jul 17, 2024
4 of 5 checks passed
github-actions bot pushed a commit that referenced this pull request Jul 17, 2024
…VE-2023-34455, ...) (#2445)

* Upgrade Kafka to address snappy-java vulnerabilities (CVE-2023-43642, CVE-2023-34455, ...)

* Update strimzi test container and align Kafka version
akumar074 pushed a commit that referenced this pull request Jul 19, 2024
…VE-2023-34455, ...) (#2445) (#2461)

* Upgrade Kafka to address snappy-java vulnerabilities (CVE-2023-43642, CVE-2023-34455, ...)

* Update strimzi test container and align Kafka version

Co-authored-by: Martin Weiler <[email protected]>