We recently upgraded from 2.5.0 to 3.3.1. Our usage is pretty simple -- just 
basic pub/sub with the standard Java producer/consumer, nothing fancy. We just 
needed to make this one small change in our code:
"The close(long, TimeUnit) method was removed from the producer, consumer and 
admin client. Please use close(Duration)."

Otherwise, no problems, everything works for us the same as before. That said, 
it is a major version upgrade, so your mileage may vary!

-Meg

-----Original Message-----
From: zjfpla...@hotmail.com <zjfpla...@hotmail.com> 
Sent: Tuesday, March 28, 2023 10:47 PM
To: users <users@kafka.apache.org>
Subject: About CVE-2023-25194

Hi,
Our Kafka version is 2.x. I would like to ask everyone, is it risky
to upgrade to version 3.4.0 in order to fix CVE-2023-25194? Because there are
already customers using our products.

Also, I would like to ask you how to fix CVE-2023-25194 on version
2.x. I did not find the corresponding commit in the commit history of 3.4.0.
Can someone help me find the corresponding commit record?



zjfpla...@hotmail.com
