nifi-issues mailing list archives

From "Pierre Villard (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (NIFI-5599) Bump Kafka versions
Date Sat, 15 Sep 2018 16:13:00 GMT

    [ https://issues.apache.org/jira/browse/NIFI-5599?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16616379#comment-16616379 ]

Pierre Villard edited comment on NIFI-5599 at 9/15/18 4:12 PM:
---------------------------------------------------------------

Just to add more clarity on this JIRA. The existing processors (with the current version) do
not expose the issue, as it requires authenticated Kafka users to manually create a very specific
fetch request. Also, the fix for this CVE is on the broker's side ([https://developer.ibm.com/dwblog/2018/anatomy-kafka-cve/]).
However, we can expect users of Kafka to upgrade their brokers, and it is best to have the matching
version for the Kafka client.


was (Author: pvillard):
Just to add more clarity on this JIRA. The existing processors (with the current version) do
not expose the issue, as it requires authenticated Kafka users to manually create a very specific
fetch request. Also, the fix for this CVE is on the broker's side ([https://developer.ibm.com/dwblog/2018/anatomy-kafka-cve/).]
However, we can expect users of Kafka to upgrade their brokers, and it is best to have the matching
version for the Kafka client.

> Bump Kafka versions
> -------------------
>
>                 Key: NIFI-5599
>                 URL: https://issues.apache.org/jira/browse/NIFI-5599
>             Project: Apache NiFi
>          Issue Type: Improvement
>          Components: Extensions
>            Reporter: Pierre Villard
>            Assignee: Pierre Villard
>            Priority: Major
>
> I'd like to bump versions for the existing Kafka processors in order to prevent CVE-2018-1288
> http://mail-archives.apache.org/mod_mbox/kafka-dev/201807.mbox/%3CCAOJcB3_j1XqXK3TnJaqZrga0d13=taYOVoG9cGG0og5Zf+=L5w@mail.gmail.com%3E



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
