Detail
Bugfix
This ticket addresses two vulnerabilities in Apache Kafka:
- CVE-2024-56128: Missing SCRAM nonce check.
- CVE-2024-31141: Insecure ConfigProvider implementations allow access to files or environment variables.
Additionally, a new property, enable.metrics.push, was introduced. It is set to false by default to avoid compatibility issues with older brokers; to enable telemetry, it must be set to true.
Both vulnerabilities are fixed by upgrading the Kafka clients to version 3.9.0.
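Background on the SCRAM item: RFC 5802 requires the server to verify that the nonce in the client's final message equals the nonce the server sent in its first message. The Python below is an added example, not Kafka's code and not part of the original ticket; it shows that check together with the client-side counterpart, using class names, function names and sample values constructed for illustration, and it leaves out proof verification.

```python
import hmac
import secrets

def parse_attrs(message: str) -> dict:
    """Parse a SCRAM message of the form 'k=v,k=v'; values may contain '='."""
    return dict(part.split("=", 1) for part in message.split(",") if "=" in part)

def same(a: str, b: str) -> bool:
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

class ScramServerSession:
    """Nonce handling for one server-side SCRAM exchange (proof check omitted)."""

    def __init__(self) -> None:
        self.nonce = None  # combined nonce sent in server-first

    def server_first(self, client_first_bare: str, salt_b64: str, iterations: int) -> str:
        client_nonce = parse_attrs(client_first_bare)["r"]
        # The server extends the client's nonce with its own random part.
        self.nonce = client_nonce + secrets.token_urlsafe(18)
        return f"r={self.nonce},s={salt_b64},i={iterations}"

    def accept_client_final(self, client_final: str) -> bool:
        # RFC 5802: r= in client-final must equal the nonce from server-first.
        received = parse_attrs(client_final).get("r", "")
        return self.nonce is not None and same(received, self.nonce)

def client_accepts_server_first(client_nonce: str, server_first: str) -> bool:
    """Client side: the server nonce must start with the client's nonce and add to it."""
    nonce = parse_attrs(server_first).get("r", "")
    return len(nonce) > len(client_nonce) and same(nonce[: len(client_nonce)], client_nonce)

def demo() -> dict:
    """Run one exchange with constructed values and report each check."""
    client_nonce = "constructedClientNonce"
    session = ScramServerSession()
    first = session.server_first(f"n=alice,r={client_nonce}", "Y29uc3RydWN0ZWQ=", 4096)
    good_final = f"c=biws,r={session.nonce},p=Y29uc3RydWN0ZWQ="
    bad_final = f"c=biws,r={client_nonce}otherSession,p=Y29uc3RydWN0ZWQ="
    return {
        "client_accepts_first": client_accepts_server_first(client_nonce, first),
        "server_accepts_matching": session.accept_client_final(good_final),
        "server_accepts_mismatch": session.accept_client_final(bad_final),
    }

if __name__ == "__main__":
    print(demo())
```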
Test
No test.