  1. Red Hat Process Automation Manager
  2. RHPAM-4418

Kogito on Spring Boot misalignment of kafka-clients version


Details

    • Bug
    • Resolution: Won't Do
    • Critical
    • None
    • 7.13.0.GA
    • Kogito Core
    • None
    • False
    • None
    • False
    • Release Notes
    • CR1
    • Workaround Exists
      1. In your projects, explicitly define dependencyManagement for the org.apache.kafka:kafka-clients dependency to use the version released by the AMQ Streams release supported at the given time.

    Description

      The kafka-clients dependency version for Kogito Spring Boot is managed by default by the org.springframework.boot:spring-boot-dependencies BOM.

      Depending on which Spring Boot version is used, users might end up with an unsupported or vulnerable version of kafka-clients. The goal is to be in sync with the versions of the kafka-clients dependency released by AMQ Streams.

      • spring-boot-dependencies:2.5.12 (latest RH supported release) brings in kafka-clients:2.7.2, which is vulnerable to RHPAM-3940.
      • spring-boot-dependencies:2.6.6 (currently configured in community) brings in kafka-clients:3.0.1, which is not a RH supported version.

      We need to override the default dependency in our kogito-spring-boot-bom to make sure we stick to the expected kafka-clients version.

      In the case of Quarkus, the kafka-clients version is correctly managed by quarkus-bom (using the version supported by AMQ Streams 2.1). So we probably don't want to override dependencyManagement there, but rather synchronize between runtimes.
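
      The workaround above, sketched as a project `pom.xml` fragment. This is an added example, not configuration taken from the issue or from the Kogito project. The property names and both version values are placeholders, and the `org.kie.kogito` groupId for `kogito-spring-boot-bom` is an assumption.

```xml
<!-- pom.xml fragment (added example; versions are placeholders, not values from this issue) -->
<properties>
  <!-- Set to the kafka-clients version released by the AMQ Streams release you are supported on -->
  <version.kafka-clients>REPLACE_WITH_AMQ_STREAMS_KAFKA_CLIENTS_VERSION</version.kafka-clients>
  <!-- Placeholder for the Kogito BOM version your project already uses -->
  <version.kogito>REPLACE_WITH_KOGITO_VERSION</version.kogito>
</properties>

<dependencyManagement>
  <dependencies>
    <!-- An entry declared directly in dependencyManagement takes precedence over
         the same artifact managed by an imported BOM, so this pins kafka-clients
         regardless of what spring-boot-dependencies would otherwise bring in. -->
    <dependency>
      <groupId>org.apache.kafka</groupId>
      <artifactId>kafka-clients</artifactId>
      <version>${version.kafka-clients}</version>
    </dependency>

    <!-- Kogito Spring Boot BOM import (groupId assumed), left unchanged -->
    <dependency>
      <groupId>org.kie.kogito</groupId>
      <artifactId>kogito-spring-boot-bom</artifactId>
      <version>${version.kogito}</version>
      <type>pom</type>
      <scope>import</scope>
    </dependency>
  </dependencies>
</dependencyManagement>
```

      To confirm which version is actually resolved after the override, run `mvn dependency:tree -Dincludes=org.apache.kafka:kafka-clients` and check that only the pinned version appears.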


            People

              cnicolai@redhat.com Cristiano Nicolai
              jstastny@redhat.com Jan Stastny