  1. Quarkus
  2. QUARKUS-6584

Downgrade Kafka to version 3.7.1


    • Task
    • Resolution: Done-Errata
    • Major
    • 3.15.7.GA
    • None
    • team/prod
    • None
    • False
    • False
    • ---

      Quarkus upstream upgraded Kafka to version 3.7.2 due to a fix for CVE-2024-56128 [1], but from the product side the latest supported version of Kafka is 3.7.1.

      Talked to cescoffi@redhat.com about the situation; we agreed to downgrade to the product-supported 3.7.1, as there are no intentions for them to build 3.7.2. The CVE has also not been backported to the product 3.7.1.

      [1] https://github.com/advisories/GHSA-p7c9-8xx8-h74f

              rguimara Roberto Oliveira
              rguimara Roberto Oliveira
              Rostislav Svoboda Rostislav Svoboda

                Created:
                Updated:
                Resolved: