Chapter 6. Fixed issues
The following sections list the issues fixed in AMQ Streams 2.2.x. Red Hat recommends that you upgrade to the latest patch release.
For details of the issues fixed in Kafka 3.2.0, 3.2.1, and 3.2.3, refer to the Kafka 3.2.0 Release Notes, Kafka 3.2.1 Release Notes, and Kafka 3.2.3 Release Notes.
6.1. Fixed issues for AMQ Streams 2.2.2
The AMQ Streams 2.2.2 patch release (Long Term Support) is now available.
HTTP/2 DoS vulnerability (CVE-2023-44487)
The release addresses CVE-2023-44487, a critical Denial of Service (DoS) vulnerability in the HTTP/2 protocol. The vulnerability stems from mishandling of multiplexed streams: a malicious client can repeatedly request new streams and promptly cancel each one with an RST_STREAM frame. By doing so, the attacker forces the server to expend resources setting up and tearing down streams without ever reaching the server-side limit for active streams per connection. For a full description of this vulnerability, see the CVE-2023-44487 page.
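The mechanism described above, as an added illustration that is not part of these release notes or of AMQ Streams: a per-connection guard that enforces the concurrent-stream limit the text mentions and additionally counts client-sent RST_STREAM frames in a sliding window, so the open-then-cancel pattern is caught even though the number of active streams never exceeds the limit. The event format, the thresholds and the sample traffic are assumptions constructed for this example.

```python
from collections import deque

class Http2ConnectionGuard:
    def __init__(self, max_concurrent=100, reset_budget=50, window_s=1.0):
        self.max_concurrent = max_concurrent  # SETTINGS_MAX_CONCURRENT_STREAMS
        self.reset_budget = reset_budget      # assumed: tolerated RST_STREAMs per window
        self.window_s = window_s
        self.active = set()                   # currently open stream ids
        self.resets = deque()                 # timestamps of client RST_STREAM frames
        self.peak_active = 0
        self.verdict = "ok"

    def on_headers(self, stream_id, now):
        """Client opens a stream; only the concurrent-stream limit applies here."""
        if len(self.active) >= self.max_concurrent:
            return "REFUSED_STREAM"
        self.active.add(stream_id)
        self.peak_active = max(self.peak_active, len(self.active))
        return "ok"

    def on_end_stream(self, stream_id):
        """Normal completion: the stream closes without a reset."""
        self.active.discard(stream_id)

    def on_rst_stream(self, stream_id, now):
        """Client cancels a stream: count it in a sliding window."""
        self.active.discard(stream_id)
        self.resets.append(now)
        while now - self.resets[0] > self.window_s:
            self.resets.popleft()
        if len(self.resets) > self.reset_budget:
            self.verdict = "GOAWAY"  # close the connection instead of serving more streams
        return self.verdict

def replay(events, **limits):
    """Feed (time, frame, stream_id) tuples to a fresh guard and return it."""
    guard = Http2ConnectionGuard(**limits)
    for now, frame, sid in events:
        if frame == "HEADERS":
            guard.on_headers(sid, now)
        elif frame == "END_STREAM":
            guard.on_end_stream(sid)
        elif frame == "RST_STREAM":
            guard.on_rst_stream(sid, now)
    return guard

# Constructed traffic: a well-behaved client opens 20 streams that complete normally.
NORMAL = [(i * 0.01, f, 2 * i + 1) for i in range(20) for f in ("HEADERS", "END_STREAM")]
# Constructed Rapid Reset pattern: 200 streams opened and cancelled within 0.2 s.
RAPID_RESET = [(i * 0.001, f, 2 * i + 1) for i in range(200) for f in ("HEADERS", "RST_STREAM")]
```

Replaying RAPID_RESET shows peak_active staying at 1, well under the concurrent-stream limit, while the reset counter trips and the guard's verdict becomes GOAWAY.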
For additional details about the issues resolved in AMQ Streams 2.2.2, see AMQ Streams 2.2.x Resolved Issues.
6.2. Fixed issues for AMQ Streams 2.2.1
For additional details about the issues resolved in AMQ Streams 2.2.1, see AMQ Streams 2.2.x Resolved Issues.
6.3. Fixed issues for AMQ Streams 2.2.0
| Issue Number | Description |
|---|---|
| | [KAFKA] MirrorMaker 2.0 negative lag |
| | "VertxException: Thread blocked" during Topic Operator startup |
| | Bridge should not use slf4j-api and log4j-api at the same time |
| | Improve logging in KafkaRoller |
| | Fix non-cascading deletion of the StrimziPodSet resources |
| | Reconciliation failures for KafkaConnector resources are not counted in operator metrics |
| | Rolling update force-rolls pods during cluster startup |
| | Add support for parsing storage in millibyte units |
| | Fail reconciliation when invalid storage unit is used |
| | Avoid unnecessary rolling updates of the Cruise Control deployment |
| | Missing annotation ANNO_STRIMZI_IO_CLUSTER_CA_CERT_GENERATION on pods causes errors in CO log during Kafka reconciliations |
| | Kafka Connect Build should fail when curl download fails |
| | Errors on KafkaRebalance custom resource not logged properly |
| | Handle FIPS mode in the AMQ Streams Drain cleaner |
| | [KAFKA] Unauthenticated clients may cause OutOfMemoryError on brokers |
| Issue Number | Description |
|---|---|
| | CVE-2020-36518 jackson-databind: denial of service via a large depth of nested objects |
| | CVE-2022-24823 netty: world readable temporary file containing sensitive data |
| | CVE-2022-25647 com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson |