[kafka] branch trunk updated: MINOR: Fix the outdated comments of ConfigDef (#13710)

2023-05-18 Thread showuon 
This is an automated email from the ASF dual-hosted git repository.

showuon pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git


The following commit(s) were added to refs/heads/trunk by this push:
 new c90a08c37e7 MINOR: Fix the outdated comments of ConfigDef (#13710)
c90a08c37e7 is described below

commit c90a08c37e7568b6e348320450e76db291283edb
Author: Aaron Ai 
AuthorDate: Fri May 19 13:00:20 2023 +0800

MINOR: Fix the outdated comments of ConfigDef (#13710)

Fix the outdated comments of ConfigDef since the signature of the 
corresponding method has been updated.

Reviewers: Luke Chen 
---
 .../java/org/apache/kafka/common/config/ConfigDef.java| 15 +--
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git 
a/clients/src/main/java/org/apache/kafka/common/config/ConfigDef.java 
b/clients/src/main/java/org/apache/kafka/common/config/ConfigDef.java
index 150cdf4de19..5954cbf29c9 100644
--- a/clients/src/main/java/org/apache/kafka/common/config/ConfigDef.java
+++ b/clients/src/main/java/org/apache/kafka/common/config/ConfigDef.java
@@ -53,9 +53,12 @@ import java.util.stream.Collectors;
  * 
  * ConfigDef defs = new ConfigDef();
  *
- * defs.define(config_with_default, Type.STRING, default 
string value, Configuration with default value.);
- * defs.define(config_with_validator, Type.INT, 42, 
Range.atLeast(0), Configuration with user provided validator.);
- * defs.define(config_with_dependents, Type.INT, 
Configuration with dependents., group, 1, Config 
With Dependents, 
Arrays.asList(config_with_default,config_with_validator));
+ * // check {@link #define(String, Type, Object, Importance, String)} for more 
details.
+ * defs.define(config_with_default, Type.STRING, default 
string value, Importance.High, Configuration with default 
value.);
+ * // check {@link #define(String, Type, Object, Validator, Importance, 
String)} for more details.
+ * defs.define(config_with_validator, Type.INT, 42, 
Range.atLeast(0), Importance.High, Configuration with user provided 
validator.);
+ * // check {@link #define(String, Type, Importance, String, String, int, 
Width, String, List)} for more details.
+ * defs.define(config_with_dependents, Type.INT, Importance.LOW, 
Configuration with dependents., group, 1, Width.SHORT, 
Config With Dependents, 
Arrays.asList(config_with_default,config_with_validator));
  *
  * MapString, String props = new HashMap();
  * props.put(config_with_default, some value);
@@ -67,9 +70,9 @@ import java.util.stream.Collectors;
  * // will return default value of 42
  * int anotherConfig = (Integer) 
configs.get(config_with_validator);
  *
- * To validate the full configuration, use:
- * ListConfig configs = defs.validate(props);
- * The {@link Config} contains updated configuration information given the 
current configuration values.
+ * // To validate the full configuration, use:
+ * ListConfigValue configValues = defs.validate(props);
+ * // The {@link ConfigValue} contains updated configuration information given 
the current configuration values.
  * 
  * 
  * This class can be used standalone or in combination with {@link 
AbstractConfig} which provides some additional

[kafka-site] branch asf-site updated: MINOR: Update CVE-2023-25194 details

2023-05-18 Thread manikumar 
This is an automated email from the ASF dual-hosted git repository.

manikumar pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/kafka-site.git


The following commit(s) were added to refs/heads/asf-site by this push:
 new 9db09131 MINOR: Update CVE-2023-25194 details
9db09131 is described below

commit 9db091312714a5497dd78eaa2518eeae6d5ba444
Author: Manikumar Reddy 
AuthorDate: Thu May 18 21:56:22 2023 +0530

MINOR: Update CVE-2023-25194 details
---
 cve-list.html | 8 
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/cve-list.html b/cve-list.html
index 01f6cc17..3d90e0f8 100644
--- a/cve-list.html
+++ b/cve-list.html
@@ -9,9 +9,9 @@
 
 This page lists all security vulnerabilities fixed in released versions of 
Apache Kafka.
 
-  https://nvd.nist.gov/vuln/detail/CVE-2023-25194;>CVE-2023-25194 
Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule 
configuration using Kafka Connect  
+  https://nvd.nist.gov/vuln/detail/CVE-2023-25194;>CVE-2023-25194 
Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule 
configuration using Apache Kafka Connect API  
 
-  A possible security vulnerability has been identified in Apache Kafka 
Connect.
+  A possible security vulnerability has been identified in Apache Kafka 
Connect API.
 This requires access to a Kafka Connect worker, and the ability to 
create/modify connectors on it with an arbitrary Kafka client SASL JAAS config
 and a SASL-based security protocol, which has been possible on Kafka 
Connect clusters since Apache Kafka 2.3.0. This will allow to perform JNDI 
requests
 that result in Denial of service/remote code execution.
@@ -21,11 +21,11 @@ This page lists all security vulnerabilities fixed in 
released versions of Apach
 
 
   Versions affected
-  2.3.0 - 3.3.2
+  Apache Kafka Connect API (https://mvnrepository.com/artifact/org.apache.kafka/connect-api;>connect-api,https://mvnrepository.com/artifact/org.apache.kafka/connect-runtime;>connect-runtime)
 : 2.3.0 - 3.3.2
 
 
   Fixed versions
-  3.4.0
+  Apache Kafka Connect API (https://mvnrepository.com/artifact/org.apache.kafka/connect-api;>connect-api,https://mvnrepository.com/artifact/org.apache.kafka/connect-runtime;>connect-runtime)
 : 3.4.0
 
 
   Impact