[
https://issues.apache.org/jira/browse/KAFKA-13748?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17519986#comment-17519986
]
Luca Carettoni commented on KAFKA-13748:
----------------------------------------
Would you mind providing the CVE for this issue? Thanks
> Do not include file stream connectors in Connect's CLASSPATH and plugin.path
> by default
> ---------------------------------------------------------------------------------------
>
> Key: KAFKA-13748
> URL: https://issues.apache.org/jira/browse/KAFKA-13748
> Project: Kafka
> Issue Type: Bug
> Components: KafkaConnect
> Reporter: Konstantine Karantasis
> Assignee: Konstantine Karantasis
> Priority: Major
> Fix For: 3.2.0, 3.1.1, 3.0.2
>
>
> File stream connectors have been included with Kafka Connect distributions
> from the very beginning. These simple connectors were included to show case
> connector implementation but were never meant to be used in production and
> have been only available for the straightforward demonstration of Connect's
> capabilities through our quick start guides.
>
> Given that these connectors are not production ready and yet they offer
> access to the local filesystem, with this ticket I propose to remove them
> from our deployments by default by excluding these connectors from the
> {{CLASSPATH}} or the default {{{}plugin.path{}}}.
>
> The impact will be minimal. Quick start guides will require a single
> additional step of editing the {{plugin.path}} to include the single package
> that includes these connectors. Production deployments will remain unaffected
> because these are not production grade connectors.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
