Chapter 7. Fixed issues


This chapter lists the issues fixed in AMQ Streams 2.4 on OpenShift.

For details of the issues fixed in Kafka 3.4.0, refer to the Kafka 3.4.0 Release Notes.

Table 7.1. Fixed issues

| Issue Number | Description |
|---|---|
| ENTMQST-2033 | Rolling update after cluster cert deletion is stuck when operationTimeout is on 30s |
| ENTMQST-3756 | User Operator does not scale |
| ENTMQST-3799 | Bridge raising access denied exception when missing content-type in the request |
| ENTMQST-4107 | [KAFKA] MM2 connector task stopped and didn’t result in failed state |
| ENTMQST-4109 | [KAFKA] Confusing error in MM2 when offsets for a group cannot be synced |
| ENTMQST-4115 | KafkaRoller: NPEs when the Pod does not exist |
| ENTMQST-4346 | Delete the StrimziPodSet or StatefulSet first when migrating between them |
| ENTMQST-4349 | KafkaConnect build does not use custom repository for parent maven dependency resolution |
| ENTMQST-4405 | Enabling metrics fails bridge startup with NoClassDefFoundError exception |
| ENTMQST-4427 | Fix validation of the useServiceDnsDomain for cluster-ip type listeners |
| ENTMQST-4428 | HTTP client not get assigned partitions via /assignments endpoint |
| ENTMQST-4429 | Resources should validate correctness of new configuration |
| ENTMQST-4479 | Newly added OAuth Password Grant feature not working in Kafka Bridge |
| ENTMQST-4489 | Sending messages with CORS enabled raises a 400 Bad request with Null body error |
| ENTMQST-4493 | [Kafka Bridge] Producing async=true drives to OpenTelemetry spans not linked together |
| ENTMQST-4494 | Add support to cgroups v2 in Kafka Bridge |
| ENTMQST-4513 | Confusing Cruise Control logs when finished KafkaRebalance resource is not deleted |
| ENTMQST-4521 | Connector auto-restart counter does not reset back to 0 |
| ENTMQST-4721 | Allow Kafka exporter to change the timezone |
| ENTMQST-4779 | Kafka Exporter dashboard does not work in newer Grafana versions |
| ENTMQST-4821 | Certificate key replacement fails when Cluster Operator crashes after the trust is established |

Table 7.2. Fixed common vulnerabilities and exposures (CVEs)

| Issue Number | Description |
|---|---|
| CVE-2022-1471 | Drain Cleaner dependency: Red Hat build of Quarkus 2.13.7 |
| CVE-2022-4147 | Drain Cleaner dependency: Red Hat build of Quarkus 2.13.5 |
| ENTMQST-4786 | CVE-2022-42003 jackson-databind: deep wrapper array nesting when UNWRAP_SINGLE_VALUE_ARRAYS enabled |
| ENTMQST-4788 | CVE-2022-42004 jackson-databind: use of deeply nested arrays |
| ENTMQST-4795 | CVE-2023-25194: Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration using Kafka Connect |
| ENTMQST-4796 | CVE-2020-36518 jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects |
| ENTMQST-4797 | CVE-2021-37137 Snappy frame decoder function doesn’t restrict the chunk length which may lead to excessive memory usage |
| ENTMQST-4798 | CVE-2021-37136 Bzip2 decompression decoder function doesn’t allow setting size restrictions on the decompressed output data |
| ENTMQST-4799 | CVE-2022-24823 Local information disclosure vulnerability in Netty |
| ENTMQST-4802 | CVE-2022-36944 Scala 2.13.x before 2.13.9 has a Java deserialization risk via a gadget chain |
| ENTMQST-4803 | CVE-2023-1370 JSON processor lib may cause stack exhaustion (stack overflow) due to recursive nesting of arrays/objects |
| ENTMQST-4804 | CVE-2023-24815 Vert.x-Web apps serving files using StaticHandler on Windows issue |
