[jira] [Commented] (KAFKA-18204) Upgrade to rocksdb 8.x+ (ideally 9.x)

Bruno Cadonna (Jira) Wed, 11 Dec 2024 00:33:18 -0800


    [ 
https://issues.apache.org/jira/browse/KAFKA-18204?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17904722#comment-17904722
 ]


Bruno Cadonna commented on KAFKA-18204:
---------------------------------------

Also consider that we need a API compatibility report as noted in KAFKA-15443. 

> Upgrade to rocksdb 8.x+ (ideally 9.x)
> -------------------------------------
>
>                 Key: KAFKA-18204
>                 URL: https://issues.apache.org/jira/browse/KAFKA-18204
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Radha Krishna Peteti
>            Assignee: Suresh Kumar
>            Priority: Major
>             Fix For: 4.0.0
>
>
> Kafka still uses rocksdbjni version 7.x (ref: 
> [https://github.com/apache/kafka/blob/trunk/gradle/dependencies.gradle#L120]) 
> which is no longer receiving backports from upstream.
> Please update to rocksdb version 9.x (latest version) so that security 
> updates are received.
> Examples for critical vulnerabilities (CVE score 9.8) in rocksdb version 7.x:
> [https://nvd.nist.gov/vuln/detail/CVE-2023-45853]
> [https://nvd.nist.gov/vuln/detail/CVE-2022-37434]
> (updating to the tip of 8.x release fixes these two vulnerabilities but for 
> any new security fixes, we will need to move to 9.x)



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KAFKA-18204) Upgrade to rocksdb 8.x+ (ideally 9.x)

Reply via email to