Chapter 6. Fixed issues

The issues fixed in Streams for Apache Kafka 2.7 on RHEL.

For details of the issues fixed in Kafka 3.7.0, refer to the Kafka 3.7.0 Release Notes.

Table 6.1. Fixed issues
Issue Number	Description
ENTMQST-5839	OAuth issue fix: `oauth.fallback.username.prefix` had no effect
ENTMQST-5753	Producing with different embedded formats across multiple HTTP requests isn’t honoured
ENTMQST-5504	Add support for Kafka and Strimzi upgrades when KRaft is enabled
ENTMQST-3994	ZooKeeper to KRaft migration

Table 6.2. Fixed common vulnerabilities and exposures (CVEs)
Issue Number	Description
ENTMQST-5886	CVE-2023-43642 flaw was found in SnappyInputStream in snappy-java
ENTMQST-5885	CVE-2023-52428 Nimbus JOSE+JWT before 9.37.2
ENTMQST-5884	CVE-2022-4899 vulnerability was found in zstd v1.4.10
ENTMQST-5883	CVE-2021-24032 flaw was found in zstd
ENTMQST-5882	CVE-2024-23944 Apache ZooKeeper: Information disclosure in persistent watcher handling
ENTMQST-5881	CVE-2021-3520 a flaw in lz4
ENTMQST-5835	CVE-2024-29025 netty-codec-http: Allocation of Resources Without Limits or Throttling
ENTMQST-5646	CVE-2024-1023 vert.x: io.vertx/vertx-core: memory leak due to the use of Netty FastThreadLocal data structures in Vertx
ENTMQST-5667	CVE-2024-1300 vertx-core: io.vertx:vertx-core: memory leak when a TCP server is configured with TLS and SNI support