Red Hat SummitChapter 7. Fixed issues
The issues fixed in AMQ Streams 2.4 on OpenShift.
For details of the issues fixed in Kafka 3.4.0, refer to the Kafka 3.4.0 Release Notes.
| Issue Number | Description |
|---|---|
| Rolling update after cluster cert deletion is stuck when operationTimeout is on 30s | |
| User Operator does not scale | |
| Bridge raising access denied exception when missing content-type in the request | |
| [KAFKA] MM2 connector task stopped and didn’t result in failed state | |
| [KAFKA] Confusing error in MM2 when offsets for a group cannot be synced | |
| KafkaRoller: NPEs when the Pod does not exist | |
| Delete the StrimziPodSet or StatefulSet first when migrating between them | |
| KafkaConnect build does not use custom repository for parent maven dependency resolution | |
|
Enabling metrics fails bridge startup with | |
|
Fix validation of the | |
| HTTP client not get assigned partitions via /assignments endpoint | |
| Resources should validate correctness of new configuration | |
| Newly added OAuth Password Grant feature not working in Kafka Bridge | |
| Sending messages with CORS enabled raises a 400 Bad request with Null body error | |
| [Kafka Bridge] Producing async=true drives to OpenTelemetry spans not linked together | |
| Add support to cgroups v2 in Kafka Bridge | |
|
Confusing Cruise Control logs when finished | |
| Connector auto-restart counter does not reset back to 0 | |
| Allow Kafka exporter to change the timezone | |
| Kafka Exporter dashboard does not work in newer Grafana versions | |
| Certificate key replacement fails when Cluster Operator crashes after the trust is established |
| Issue Number | Description |
|---|---|
| Drain Cleaner dependency: Red Hat build of Quarkus 2.13.7 | |
| Drain Cleaner dependency: Red Hat build of Quarkus 2.13.5 | |
|
CVE-2022-42003 CVE-2022-42003 jackson-databind: deep wrapper array nesting when | |
| CVE-2022-42004 jackson-databind: use of deeply nested arrays | |
|
CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS | |
| CVE-2020-36518 jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects | |
| CVE-2021-37137 Snappy frame decoder function doesn’t restrict the chunk length which may lead to excessive memory usage | |
| CVE-2021-37136 Bzip2 decompression decoder function doesn’t allow setting size restrictions on the decompressed output data | |
| CVE-2022-24823 Local information disclosure vulnerability in Netty | |
| CVE-2022-36944 Scala 2.13.x before 2.13.9 has a Java deserialization risk via a gadget chain | |
| CVE-2023-1370 JSON processor lib may cause stack exhaustion (stack overflow) due to recursive nesting of arrays/objects | |
|
CVE-2023-24815 Vert.x-Web apps serving files using |
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}