[
https://issues.apache.org/jira/browse/PHOENIX-6906?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17700326#comment-17700326
]
Istvan Toth commented on PHOENIX-6906:
--------------------------------------
I haven't seen any activity or sign of usage on the Kafka connector in the last
3 and a half years.
Maybe it's time to drop it.
> [phoenix-connectors] Upgrade kafka-client version used for phoenix-kafka due
> to CVE issues
> ------------------------------------------------------------------------------------------
>
> Key: PHOENIX-6906
> URL: https://issues.apache.org/jira/browse/PHOENIX-6906
> Project: Phoenix
> Issue Type: Bug
> Components: kafka-connector
> Reporter: Andrew Kyle Purtell
> Priority: Major
>
> The version of kafka-client used by phoenix-kafka has known CVE issues, refer
> to https://kafka.apache.org/cve-list . To get past the CVE issues this
> component should be upgraded to 3.4.0. Unfortunately this represents a major
> version upgrade and the current PhoenixConsumer and/or its test code must be
> significantly changed to accomodate it. After tinkering with
> PhoenixConsumerIT to deal with configuration changes (admin requires
> bootstrap.servers property) the consumer throws
> ConcurrentModificationExceptions, indicating the current threading model used
> by PhoenixConsumer is now no longer correct.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
