[
https://issues.apache.org/jira/browse/KAFKA-18204?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17904721#comment-17904721
]
Bruno Cadonna commented on KAFKA-18204:
---------------------------------------
[~suresh7] [~swikarpat]
Thanks for your interest!
This ticket is a duplicate of
https://issues.apache.org/jira/browse/KAFKA-15443. I will mark it as a
duplicate.
Could you please copy over the useful information you added to this ticket to
KAFKA-15443?
Also feel free to ask on the other ticket to reassign it to yourself.
> Upgrade to rocksdb 8.x+ (ideally 9.x)
> -------------------------------------
>
> Key: KAFKA-18204
> URL: https://issues.apache.org/jira/browse/KAFKA-18204
> Project: Kafka
> Issue Type: Bug
> Reporter: Radha Krishna Peteti
> Assignee: Suresh Kumar
> Priority: Major
>
> Kafka still uses rocksdbjni version 7.x (ref:
> [https://github.com/apache/kafka/blob/trunk/gradle/dependencies.gradle#L120])
> which is no longer receiving backports from upstream.
> Please update to rocksdb version 9.x (latest version) so that security
> updates are received.
> Examples for critical vulnerabilities (CVE score 9.8) in rocksdb version 7.x:
> [https://nvd.nist.gov/vuln/detail/CVE-2023-45853]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-37434]
> (updating to the tip of 8.x release fixes these two vulnerabilities but for
> any new security fixes, we will need to move to 9.x)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
