
Chapter 6. Fixed issues


The following sections list the issues fixed in AMQ Streams 2.2.x. Red Hat recommends that you upgrade to the latest patch release.

For details of the issues fixed in Kafka 3.2.0, 3.2.1, and 3.2.3, refer to the Kafka 3.2.0 Release Notes, Kafka 3.2.1 Release Notes, and Kafka 3.2.3 Release Notes.

6.1. Fixed issues for AMQ Streams 2.2.2

The AMQ Streams 2.2.2 patch release (Long Term Support) is now available.

HTTP/2 DoS vulnerability (CVE-2023-44487)

The release addresses CVE-2023-44487, a critical Denial of Service (DoS) vulnerability in the HTTP/2 protocol. The vulnerability stems from the mishandling of multiplexed streams: a malicious client repeatedly requests new streams and promptly cancels each one with an RST_STREAM frame. By doing so, the attacker forces the server to expend resources setting up and tearing down streams without ever reaching the server-side limit on active streams per connection. For more information, see the CVE-2023-44487 page.
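The paragraph above explains why the usual per-connection cap on concurrent streams does not stop this pattern. The following added example (not code from AMQ Streams, Kafka or netty) replays a constructed log of HTTP/2 frame events and shows both sides of that point: the active-stream counter of the flooding connection never rises above one, while a second counter on client-initiated resets per sliding window, the kind of mitigation the fixed libraries adopted, flags the connection. The thresholds, connection names and frame log are assumptions made for the illustration.

```python
"""Rapid-reset (CVE-2023-44487) detection over HTTP/2 frame events.

Added example; not code from the AMQ Streams, Kafka or netty projects.
It models the point made in the text: a per-connection cap on *active*
streams never triggers, because every stream is cancelled with RST_STREAM
before the next one is opened. A second counter, the number of
client-initiated resets per connection in a sliding time window, does.
Thresholds, connection names and the frame log are constructed.
"""
from collections import deque
from dataclasses import dataclass, field

MAX_ACTIVE_STREAMS = 100    # assumption: illustrative SETTINGS_MAX_CONCURRENT_STREAMS value
RST_WINDOW_SECONDS = 1.0    # assumption: sliding window for counting resets
RST_LIMIT_PER_WINDOW = 50   # assumption: resets tolerated per window before abort


@dataclass
class ConnState:
    active: set = field(default_factory=set)      # open stream IDs
    resets: deque = field(default_factory=deque)  # timestamps of client RST_STREAM frames
    peak_active: int = 0
    abort: bool = False


def analyze(events):
    """Replay (timestamp, conn_id, frame_type, stream_id) events in time order.

    Returns {conn_id: {"abort", "peak_active", "resets_in_window"}}.
    """
    conns = {}
    for ts, conn, frame, sid in sorted(events, key=lambda e: e[0]):
        st = conns.setdefault(conn, ConnState())
        if st.abort:
            continue  # connection already torn down (GOAWAY)
        if frame == "HEADERS":
            if len(st.active) >= MAX_ACTIVE_STREAMS:
                continue  # refuse the stream; the concurrency cap works as intended
            st.active.add(sid)
            st.peak_active = max(st.peak_active, len(st.active))
        elif frame == "END_STREAM":
            st.active.discard(sid)
        elif frame == "RST_STREAM":
            st.active.discard(sid)   # setup work was already spent; the stream is simply gone
            st.resets.append(ts)
            while st.resets and ts - st.resets[0] > RST_WINDOW_SECONDS:
                st.resets.popleft()
            if len(st.resets) > RST_LIMIT_PER_WINDOW:
                st.abort = True      # too many resets per window: close the connection
    return {
        conn: {"abort": st.abort, "peak_active": st.peak_active,
               "resets_in_window": len(st.resets)}
        for conn, st in conns.items()
    }


def rapid_reset_events(conn, n, start=0.0, interval=0.001):
    """Constructed log: n streams, each opened and cancelled at once."""
    events = []
    for i in range(n):
        sid = 2 * i + 1          # client-initiated streams use odd IDs
        t = start + i * interval
        events.append((t, conn, "HEADERS", sid))
        events.append((t, conn, "RST_STREAM", sid))
    return events


def benign_events(conn, n, start=0.0, interval=0.01):
    """Constructed log: n concurrent streams that all complete normally."""
    events = [(start + i * interval, conn, "HEADERS", 2 * i + 1) for i in range(n)]
    events += [(start + (n + i) * interval, conn, "END_STREAM", 2 * i + 1) for i in range(n)]
    return events


def demo():
    """Ten well-behaved streams on one connection, 200 open-and-reset pairs on another."""
    log = benign_events("conn-benign", 10) + rapid_reset_events("conn-flood", 200)
    return analyze(log)


if __name__ == "__main__":
    for conn, summary in demo().items():
        print(conn, summary)
```

Running `demo()` reports `peak_active` of 10 for the benign connection and only 1 for the flooding one, so the concurrency cap of 100 is never approached; the flooding connection is aborted as soon as the 51st reset lands inside the one-second window. In a real server the same two counters live in the HTTP/2 codec, and the reset limit is the knob that the patched libraries expose.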

For additional details about the issues resolved in AMQ Streams 2.2.2, see AMQ Streams 2.2.x Resolved Issues.

6.2. Fixed issues for AMQ Streams 2.2.1

For additional details about the issues resolved in AMQ Streams 2.2.1, see AMQ Streams 2.2.x Resolved Issues.

6.3. Fixed issues for AMQ Streams 2.2.0

Table 6.1. Fixed issues

Issue Number   Description
ENTMQST-3757   [KAFKA] MirrorMaker 2.0 negative lag
ENTMQST-3762   "VertxException: Thread blocked" during Topic Operator startup
ENTMQST-3775   Bridge should not use slf4j-api and log4j-api at the same time
ENTMQST-3862   Improve logging in KafkaRoller
ENTMQST-3867   Fix non-cascading deletion of the StrimziPodSet resources
ENTMQST-3897   Reconciliation failures for KafkaConnector resources are not counted in operator metrics
ENTMQST-3918   Rolling update force-rolls pods during cluster startup
ENTMQST-3955   Add support for parsing storage in millibyte units
ENTMQST-3956   Fail reconciliation when invalid storage unit is used
ENTMQST-3958   Avoid unnecessary rolling updates of the Cruise Control deployment
ENTMQST-3972   Missing annotation ANNO_STRIMZI_IO_CLUSTER_CA_CERT_GENERATION on pods cause errors in CO log during Kafka reconciliations
ENTMQST-3997   Kafka Connect Build should fail when curl download fails
ENTMQST-4017   Errors on KafkaRebalance custom resource not logged properly
ENTMQST-4071   Handle FIPS mode in the AMQ Streams Drain cleaner
ENTMQST-4264   [KAFKA] Unauthenticated clients may cause OutOfMemoryError on brokers

Table 6.2. Fixed common vulnerabilities and exposures (CVEs)

Issue Number   Description
ENTMQST-3917   CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects
ENTMQST-4049   CVE-2022-24823 netty: world readable temporary file containing sensitive data
ENTMQST-4050   CVE-2022-25647 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson

© 2024 Red Hat, Inc.