[
https://issues.apache.org/jira/browse/KAFKA-14206?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mickael Maison resolved KAFKA-14206.
------------------------------------
Fix Version/s: 3.5.0
Resolution: Fixed
Kafka 3.5.0 uses ZooKeeper 3.6.4
> Upgrade zookeeper to 3.7.1 to address security vulnerabilities
> --------------------------------------------------------------
>
> Key: KAFKA-14206
> URL: https://issues.apache.org/jira/browse/KAFKA-14206
> Project: Kafka
> Issue Type: Improvement
> Components: packaging
> Affects Versions: 3.2.1
> Reporter: Valeriy Kassenbayev
> Priority: Blocker
> Fix For: 3.5.0
>
>
> Kafka 3.2.1 is using ZooKeeper, which is affected by
> [CVE-2021-37136|https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1584064] and
> [CVE-2021-37137|https://www.cve.org/CVERecord?id=CVE-2021-37137]:
> {code:java}
> ✗ Denial of Service (DoS) [High
> Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1584063] in
> io.netty:[email protected]
> introduced by org.apache.kafka:[email protected] >
> org.apache.zookeeper:[email protected] > io.netty:[email protected] >
> io.netty:[email protected]
> This issue was fixed in versions: 4.1.68.Final
> ✗ Denial of Service (DoS) [High
> Severity][https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-1584064] in
> io.netty:[email protected]
> introduced by org.apache.kafka:[email protected] >
> org.apache.zookeeper:[email protected] > io.netty:[email protected] >
> io.netty:[email protected]
> This issue was fixed in versions: 4.1.68.Final {code}
> The issues were fixed in the next versions of ZooKeeper (starting from
> 3.6.4). ZooKeeper 3.7.1 is the next stable
> [release|https://zookeeper.apache.org/releases.html] at the moment.