I don't think Guava is a dependency in master or 2.5.0.
Ismael
On Tue, Apr 14, 2020 at 11:08 AM Guozhang Wang wrote:
> Thanks for the reported issue.
>
> For guava I think we should just upgrade version to 24.1.1 or newer to
> resolve 10237.
>
> For rocksdbjni, I saw that at the moment even cur
Thanks for the reported issue.
For guava I think we should just upgrade version to 24.1.1 or newer to
resolve 10237.
For rocksdbjni, I saw that at the moment even current master is still using
bzip version 1.0.6 so 3189 and 12900 would be existed in newest rocksDB
version. I'd suggest you post on
Hi Kafka experts:
I figure out that the guava and rocksdbjni used by Kafka of the the latest
version 2.4.1, relates with several CVEs.
The CVE for guava 20 is CVE-2018-10237, and the CVEs for rocksdbjni compiled
with bzip2 1.0.6 is CVE-2016-3189 and CVE-2019-12900.
Is Kafka affected b