Strimzi
Replies: 1 comment 3 replies
-
|
There is no plan to do patch releases for these old versions. You can upgrade to newer Strimzi versions to get a fix for the Kafka CVE. |
Beta Was this translation helpful? Give feedback.
-
|
So, Are you able to support kafka 2.8.2 on strimzi-kafka-operator newer versions like 0.32.1 or newest? |
Beta Was this translation helpful? Give feedback.
-
|
There is no plan for this either. If you want CVEs fixed you have to update to newer version of the Strimzi operator supporting newer version of Kafka. Of course, you could leave your clients using the 2.8.2 protocol because Kafka is backward compatible. |
Beta Was this translation helpful? Give feedback.
-
The CVE you are referring to is fixed in Kafka 3.2.3 or 3.3.1 supported by Strimzi 0.32. |
Beta Was this translation helpful? Give feedback.
-
Is your feature request related to a problem? Please describe.
We are using kafka 2.7.0 and got an issue about CVE-2022-34917 Security Vulnerabilites.
But, strimzi-kafka-operator only supports kafka 3.1.2 version.
We think it seems risky Upgrading straight from 2.7.0 to 3.1.2 and takes many time to test upgrading version.
We want to be supported kafka 2.8.2 on strimzi-operator 0.25.0 or 0.27.0
Describe the solution you'd like
Could you support kafka version 2.8.2 on strimzi-operator 0.25.0 or 0.27.0?
https://github.com/strimzi/strimzi-kafka-operator/blob/0.27.0/kafka-versions.yaml#L141
Describe alternatives you've considered
Additional context
Beta Was this translation helpful? Give feedback.
All reactions