Red Hat SummitChapter 8. Fixed issues
The issues fixed in Streams for Apache Kafka 2.8 on OpenShift.
For details of the issues fixed in Kafka 3.8.0, refer to the Kafka 3.8.0 Release Notes.
| Issue number | Description |
|---|---|
| Wrong keystore password error in re-built image | |
| Topic Operator replication factor changes seem to conflict with Cruise Control rebalancing | |
| Additional Volumes in Pod | |
| The correct pod might not be restarted during PVC resizing | |
| Unnecessary CA replacement run with custom CA | |
| Add support for Kafka 3.8 | |
| Continuously generating secrets in the Kafka instance namespace on OCP 4.16 | |
| Logging update does not effect for controllers until rolled manually | |
| Promote the UseKRaft feature gate to GA | |
| Duplicate volume IDs in JBOD storage cause Pod creation errors | |
| Logging configuration is never updated for Connect when connector operator is disabled | |
| MM2 connector auto-restarting does not seem to work | |
| Wrong parsing of SSL principal in Strimzi Quotas plugin | |
| Promote KafkaNodePools feature gate to GA | |
| RF Change | |
| JBOD support in KRaft mode | |
| Should manual rolling update failure fail the whole reconciliation? | |
| Allow declarative configuration of the default user quotas | |
| Remove Bidirectional TO and ZooKeeper use from TO | |
| Improvements to Quotas support | |
| Notifications and alerting when the user operator managed certificates are close to expiry |
| Issue number | Description |
|---|---|
| Console operator deployment name too general |
| Issue number | Description |
|---|---|
| Record Encryption does not use new key material resulting from a rotation to encrypt newly produced records |
| Issue Number | Description |
|---|---|
| CVE-2024-7254 protobuf: StackOverflow vulnerability in Protocol Buffers | |
| CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader | |
| CVE-2024-9823 org.eclipse.jetty/jetty-servlets: Jetty DOS vulnerability on DosFilter [amq-st-2] | |
| CVE-2024-8184 org.eclipse.jetty/jetty-server: Jetty ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks [amq-st-2] | |
| CVE-2024-8285 io.kroxylicious-kroxylicious-parent: Missing upstream Kafka TLS hostname verification [amq-st-2] |
Security updates
Check the latest information about Streams for Apache Kafka security updates in the Red Hat Product Advisories portal.
Erratas
Check the latest security and product enhancement advisories for Streams for Apache Kafka.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}