Fix mis-spell in ConsumerConfig.scala#4

Closed
MichaelBlume wants to merge 1 commit into apache:trunk from MichaelBlume:patch-1

Conversation

@MichaelBlume

No description provided.

granders referenced this pull request in confluentinc/kafka Jun 16, 2015
asfgit pushed a commit that referenced this pull request Jul 29, 2015
Initial patch for KIP-25

Note that to install ducktape, do *not* use pip to install ducktape. Instead:

```
$ git clone git@github.com:confluentinc/ducktape.git
$ cd ducktape
$ python setup.py install
```

Author: Geoff Anderson <geoff@confluent.io>
Author: Geoff <granders@gmail.com>
Author: Liquan Pei <liquanpei@gmail.com>

Reviewers: Ewen, Gwen, Jun, Guozhang

Closes #70 from granders/KAFKA-2276 and squashes the following commits:

a62fb6c [Geoff Anderson] fixed checkstyle errors
a70f0f8 [Geoff Anderson] Merged in upstream trunk.
8b62019 [Geoff Anderson] Merged in upstream trunk.
47b7b64 [Geoff Anderson] Created separate tools jar so that the clients package does not pull in dependencies on the Jackson JSON tools or argparse4j.
a9e6a14 [Geoff Anderson] Merged in upstream changes
d18db7b [Geoff Anderson] fixed :rat errors (needed to add licenses)
321fdf8 [Geoff Anderson] Ignore tests/ and vagrant/ directories when running rat build task
795fc75 [Geoff Anderson] Merged in changes from upstream trunk.
1d93f06 [Geoff Anderson] Updated provisioning to use java 7 in light of KAFKA-2316
2ea4e29 [Geoff Anderson] Tweaked README, changed default log collection behavior on VerifiableProducer
0eb6fdc [Geoff Anderson] Merged in system-tests
69dd7be [Geoff Anderson] Merged in trunk
4034dd6 [Geoff Anderson] Merged in upstream trunk
ede6450 [Geoff] Merge pull request #4 from confluentinc/move_muckrake
7751545 [Geoff Anderson] Corrected license headers
e6d532f [Geoff Anderson] java 7 -> java 6
8c61e2d [Geoff Anderson] Reverted jdk back to 6
f14c507 [Geoff Anderson] Removed mode = "test" from Vagrantfile and Vagrantfile.local examples. Updated testing README to clarify aws setup.
98b7253 [Geoff Anderson] Updated consumer tests to pre-populate kafka logs
e6a41f1 [Geoff Anderson] removed stray println
b15b24f [Geoff Anderson] leftover KafkaBenchmark in super call
0f75187 [Geoff Anderson] Removed stray allow_fail. kafka_benchmark_test -> benchmark_test
f469f84 [Geoff Anderson] Tweaked readme, added example Vagrantfile.local
3d73857 [Geoff Anderson] Merged downstream changes
42dcdb1 [Geoff Anderson] Tweaked behavior of stop_node, clean_node to generally fail fast
7f7c3e0 [Geoff Anderson] Updated setup.py for kafkatest
c60125c [Geoff Anderson] TestEndToEndLatency -> EndToEndLatency
4f476fe [Geoff Anderson] Moved aws scripts to vagrant directory
5af88fc [Geoff Anderson] Updated README to include aws quickstart
e5edf03 [Geoff Anderson] Updated example aws Vagrantfile.local
96533c3 [Geoff] Update aws-access-keys-commands
25a413d [Geoff] Update aws-example-Vagrantfile.local
884b20e [Geoff Anderson] Moved a bunch of files to kafkatest directory
fc7c81c [Geoff Anderson] added setup.py
632be12 [Geoff] Merge pull request #3 from confluentinc/verbose-client
51a94fd [Geoff Anderson] Use argparse4j instead of joptsimple. ThroughputThrottler now has more intuitive behavior when targetThroughput is 0.
a80a428 [Geoff Anderson] Added shell program for VerifiableProducer.
d586fb0 [Geoff Anderson] Updated comments to reflect that throttler is not message-specific
6842ed1 [Geoff Anderson] left out a file from last commit
1228eef [Geoff Anderson] Renamed throttler
9100417 [Geoff Anderson] Updated command-line options for VerifiableProducer. Extracted throughput logic to make it reusable.
0a5de8e [Geoff Anderson] Fixed checkstyle errors. Changed name to VerifiableProducer. Added synchronization for thread safety on println statements.
475423b [Geoff Anderson] Convert class to string before adding to json object.
bc009f2 [Geoff Anderson] Got rid of VerboseProducer in core (moved to clients)
c0526fe [Geoff Anderson] Updates per review comments.
8b4b1f2 [Geoff Anderson] Minor updates to VerboseProducer
2777712 [Geoff Anderson] Added some metadata to producer output.
da94b8c [Geoff Anderson] Added number of messages option.
07cd1c6 [Geoff Anderson] Added simple producer which prints status of produced messages to stdout.
a278988 [Geoff Anderson] fixed typos
f1914c3 [Liquan Pei] Merge pull request #2 from confluentinc/system_tests
81e4156 [Liquan Pei] Bootstrap Kafka system tests
ymatsuda referenced this pull request in confluentinc/kafka Aug 5, 2015
added close method to kstreamjob
relango added a commit to relango/kafka that referenced this pull request Aug 7, 2015
Adding secure and securityConfigFile args to javaapi SimpleConsumer
guozhangwang referenced this pull request in guozhangwang/kafka Aug 26, 2015
implement StateStore methods in SlidingWindow
Parth-Brahmbhatt pushed a commit to Parth-Brahmbhatt/kafka that referenced this pull request Oct 15, 2015
BUG-40771. Kafka metrics are not being shown on the dashboard.
benstopford pushed a commit to benstopford/kafka that referenced this pull request Dec 16, 2015
KAFKA-2979: Add phase3 to rolling upgrade adding ACLs [SASL protocols…
@asfgit asfgit closed this in af0df09 Jan 29, 2016
asfgit pushed a commit that referenced this pull request Jan 29, 2016
Author: Michael Blume <mike@loggly.com>

Reviewers: Guozhang Wang

Closes #4 from MichaelBlume/patch-1

(cherry picked from commit af0df09)
Signed-off-by: Guozhang Wang <wangguoz@gmail.com>
@guozhangwang
Contributor

LGTM, merged to trunk and 0.9.0.

resetius added a commit to resetius/kafka that referenced this pull request Jun 7, 2016
fluetm pushed a commit to fluetm/kafka that referenced this pull request Jan 6, 2017
Prevent scenario where no replicas in ISR are leader eligible
kehuum pushed a commit to kehuum/kafka that referenced this pull request Mar 27, 2019
…che#4)

Travis couldn't access one of the initially encrypted variables for some reason.
abhishekmendhekar pushed a commit to abhishekmendhekar/kafka that referenced this pull request Jun 12, 2019
… Travis (apache#4)

TICKET =
LI_DESCRIPTION =

Travis couldn't access one of the initially encrypted variables for some reason.

EXIT_CRITERIA = MANUAL ["describe exit criteria"]
guozhangwang referenced this pull request in guozhangwang/kafka Jun 13, 2019
xiowu0 pushed a commit to xiowu0/kafka that referenced this pull request Jul 10, 2019
TICKET =
LI_DESCRIPTION =

[LI-HOTFIX] Add build changes to publish github LinkedIn Kafka artifacts to bintray (#1)
TICKET =
LI_DESCRIPTION =

[NOTE] This is a temporary measure to publish artifacts until CI is properly set up to do the job automatically. Users are not expected to run this themselves.

EXIT_CRITERIA = MANUAL ["describe exit criteria"]

[LI-HOTFIX] Add changes for CI builds and publishing artifacts to bintray. (#2)
TICKET =
LI_DESCRIPTION =

Travis will kick off a build and publish artifacts to bintray upon creating a tag in the "x.y.z.w" format.

EXIT_CRITERIA = MANUAL ["describe exit criteria"]

[LI-HOTFIX] Try different encrypted bintray-related env variables for Travis (apache#4)
TICKET =
LI_DESCRIPTION =

Travis couldn't access one of the initially encrypted variables for some reason.

EXIT_CRITERIA = MANUAL ["describe exit criteria"]

[LI-HOTFIX] Set Bintray-related env variables via repository setting instead of in .travis.yml (apache#5)
TICKET =
LI_DESCRIPTION =

EXIT_CRITERIA = MANUAL ["describe exit criteria"]

[LI-HOTFIX] Use the maven repo under the LinkedIn Bintray account to publish artifacts (apache#25)
TICKET =
LI_DESCRIPTION =

EXIT_CRITERIA = MANUAL ["describe exit criteria"]

EXIT_CRITERIA = MANUAL ["describe exit criteria"]
# EXIT_CRITERIA = <EXIT_CRITERIA> <PARAMETERS>
# e.g.,
# when the specified hash(s) is presented in the history, this commit is no longer needed:
# EXIT_CRITERIA = HASH [<hash1>, <hash2> ...]
# When the specified tickets are closed and there are patches with these tickets in the title in the commit history, this commit is no longer needed:
# EXIT_CRITERIA = TICKET [<ticket1>, <ticket2> ...]
# The exit criteria for this commit requires manual investigation:
# EXIT_CRITERIA = MANUAL [<description>]
wuqingjun pushed a commit to wuqingjun/kafka that referenced this pull request Oct 30, 2020
merge latest changes from Apache/kafka to microsoft/kafka trunk
lianetm pushed a commit to lianetm/kafka that referenced this pull request Jun 12, 2023
…ache#14)

More abstraction of the Fetcher code to split into classes to buffer raw results (FetchBuffer) and to collect raw results into ConsumerRecords (FetchCollector).
lianetm pushed a commit to lianetm/kafka that referenced this pull request Jun 12, 2023
…ache#14)

More abstraction of the Fetcher code to split into classes to buffer raw results (FetchBuffer) and to collect raw results into ConsumerRecords (FetchCollector).
apalan60 referenced this pull request in apalan60/kafka Apr 20, 2025
apalan60 referenced this pull request in apalan60/kafka Apr 28, 2025
FrankYang0529 referenced this pull request in FrankYang0529/kafka Aug 28, 2025
fetch when source cluster leader change
Raikion201 added a commit to Raikion201/kafka that referenced this pull request Apr 17, 2026
Issue apache#4 — Quota entity serialization:
  Sort entity keys alphabetically before joining with "|" separator,
  so (user+client-id) always serializes identically regardless of
  HashMap iteration order. Previously could produce different strings
  for the same entity, causing silent duplicates.

Issue apache#5 — Hardcoded credentials:
  SecurityStoreConfig.resolveValue() now supports ${VAR} and ${VAR:-default}
  syntax for environment variable substitution. Updated server.properties
  to use ${KAFKA_SECURITY_STORE_USER:-kafka} and
  ${KAFKA_SECURITY_STORE_PASSWORD:-kafka}.

Issue apache#6 — Byte cast:
  Use rs.getShort() to match SMALLINT column type, then cast to byte.
  Previous getInt() + (byte) cast had overflow risk in theory.

Issue apache#7 — MetadataLoader silent partial load:
  injectSecurityData() now throws on failure instead of silently
  returning stale image. Prevents users from retaining revoked access.

Issue apache#10 — apiKey filter comments:
  Extracted SECURITY_STORE_API_KEYS constant with inline comments
  identifying each record type. Replaced boolean chain with Set.contains().

Issue apache#11 — persistUpsertion fragility:
  Now searches records by (name, mechanism) instead of assuming the
  target is always the last record. Throws IllegalStateException
  if no matching record is found.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Raikion201 added a commit to Raikion201/kafka that referenced this pull request Apr 17, 2026
Issue apache#4 — Quota entity serialization:
  Sort entity keys alphabetically before joining with "|" separator,
  so (user+client-id) always serializes identically regardless of
  HashMap iteration order.

Issue apache#5 — Hardcoded credentials:
  SecurityStoreConfig.resolveValue() now supports ${VAR} and
  ${VAR:-default} syntax for environment variable substitution.
  server.properties updated to use env vars by default.

Issue apache#6 — Byte cast:
  Use rs.getShort() to match SMALLINT column type, then cast to byte.

Issue apache#7 — MetadataLoader silent partial load:
  injectSecurityData() now throws on failure instead of silently
  returning stale image.

Issue apache#10 — apiKey filter comments:
  Extracted SECURITY_STORE_API_KEYS constant with inline comments.

Issue apache#11 — persistUpsertion fragility:
  Searches records by (name, mechanism) instead of assuming
  the target is last.

Also add .gitignore entries for .metals/, .bloop/, and runtime logs.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
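The two fixes described in the Raikion201 commit messages above, canonical quota-entity serialization (sort keys before joining with "|") and `${VAR}` / `${VAR:-default}` substitution for credentials, shown as an added Python example. This is not code from that fork or from Apache Kafka (which is Java); the function names, the regex, and the sample entities are assumptions made for the illustration.

```python
import os
import re

# Constructed sample: the same (user, client-id) quota entity built in two
# different key orders, which is what varying HashMap iteration order looks like.
ENTITY_A = {"user": "alice", "client-id": "app-1"}
ENTITY_B = {"client-id": "app-1", "user": "alice"}


def serialize_entity_unordered(entity):
    """Fragile form: joins keys in whatever order the map yields them."""
    return "|".join(f"{k}={v}" for k, v in entity.items())


def serialize_entity(entity):
    """Canonical form: sort keys first, so equal entities always serialize the same."""
    return "|".join(f"{k}={entity[k]}" for k in sorted(entity))


# Matches ${NAME} and ${NAME:-default}; the default may be empty.
_VAR_RE = re.compile(r"\$\{([A-Za-z_][A-Za-z0-9_]*)(?::-([^}]*))?\}")


def resolve_value(value, env=None):
    """Expand ${VAR} and ${VAR:-default} references in a config value.

    An unset variable with no default raises instead of silently expanding to
    an empty string, so a missing credential fails at startup rather than at
    the first authentication attempt.
    """
    env = os.environ if env is None else env

    def repl(match):
        name, default = match.group(1), match.group(2)
        if name in env:
            return env[name]
        if default is not None:
            return default
        raise KeyError(f"environment variable {name} is not set and no default was given")

    return _VAR_RE.sub(repl, value)


if __name__ == "__main__":
    # The unordered form yields two different strings for one entity; the
    # canonical form yields one.
    print(serialize_entity_unordered(ENTITY_A), serialize_entity_unordered(ENTITY_B))
    print(serialize_entity(ENTITY_A), serialize_entity(ENTITY_B))
    # Hypothetical variable name, as in the commit message's server.properties.
    print(resolve_value("${KAFKA_SECURITY_STORE_USER:-kafka}", {}))
```

With `resolve_value`, the default only applies when the variable is absent; a variable set to an empty string is returned as-is, matching POSIX `${VAR:-default}` for unset (though not for empty) variables.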
blitzy Bot pushed a commit to blitzy-public-samples/blitzy-kafka that referenced this pull request Apr 18, 2026
Resolve all 9 Minor and 10 Info findings from the Checkpoint 1 code review,
correcting factual inaccuracies, citation line-range imprecisions, and cross-
artifact consistency drift. No modifications to pre-existing Kafka source,
tests, build files, or comments — Audit Only rule preserved.

Findings by file:

accepted-mitigations.md
  #1 [MINOR] AclCache imports corrected: org.apache.kafka.server.immutable
              (PCollections-backed Kafka-internal) instead of Guava's
              com.google.common.collect.
  apache#2 [MINOR] API surface rewritten to reflect PCollections-style structural-
              sharing methods .updated()/.added()/.removed() instead of
              Guava builder pattern.
  apache#3 [MINOR] ZstdCompression BufferPool path split: wrap-for-output uses
              zstd-jni RecyclingBufferPool.INSTANCE (L55-L63), wrap-for-
              input uses ChunkedBytesStream (L65-L75), wrap-for-zstd-input
              uses anonymous Kafka-owned BufferPool delegating to
              BufferSupplier (L77-L98).
  apache#4 [INFO]  MAX_RECORDS_PER_USER_OP citation corrected: declaration at
              QuorumController.java:L185; AclControlManager.java:L52 is
              the static import only.
  apache#5 [INFO]  AclCache.removeAcl(Uuid) line corrected to L91-L103 (was L89+).

references.md
  apache#6 [MINOR] SafeObjectInputStream citation range tightened from L17-L25
              (class header + imports only) to L25-L62 covering the class
              declaration, DEFAULT_NO_DESERIALIZE_CLASS_NAMES blocklist
              (L27-L37), resolveClass (L43-L52), and isBlocked helper
              (L54-L62).
  apache#7 [INFO]  PropertyFileLoginModule citation corrected to L42-L50,
              pointing at the Javadoc PLAINTEXT warning (L47-L48) plus
              the class declaration (L50).

remediation-roadmap.md
  apache#8 [INFO]  Gantt markers sanitised: all :done/:active markers replaced
              with :crit (illustrative critical emphasis) or plain markers
              to avoid any visual suggestion of work already performed.
              Explanatory blockquote added clarifying the marker change.

severity-matrix.md
  apache#9 [MINOR] 7 occurrences of parenthesised '(Accepted Mitigation)'
              replaced with bracketed '[Accepted Mitigation]' per Global
              Conventions for plain-text markers. Cross-validated 9
              bracketed instances, 0 parenthesised remaining.

README.md
  apache#11 [MINOR] HEAD commit reference corrected to the pre-audit baseline
               6d16f68 (was 8a99096, a
               mid-audit snapshot); baseline attestation now refers to the
               commit immediately before the audit began.
  apache#12 [MINOR] Snapshot date unified to 2026-04-17 across all artifacts.
  apache#14 [INFO]  '25 files' claim qualified as 'planned at project completion'
               vs 'delivered at this checkpoint (15 files)'.

attack-surface-map.md
  apache#16 [MINOR] Clients module category count corrected from 'six' to 'nine'
               (actual Mermaid edges: C1, C2, C3, C4, C5, C7, C8, C9, C10).
  apache#17 [MINOR] Connect module category count corrected from 'five' to
               'seven' (actual Mermaid edges: C1, C4, C6, C7, C8, C9, C10).

oauth-jwt-validation-paths.md
  apache#18 [INFO]  Outer citation ranges tightened:
               BrokerJwtValidator.configure at L107-L138 (not L102-L134);
               OAuthBearerUnsecuredValidatorCallbackHandler.handleCallback
               at L154-L177 (not L161-L204, which spanned unrelated
               helpers); allowableClockSkewMs helper cited separately at
               L194-L207.

executive-summary.html
  Cross-ref A [MINOR] HEAD commit aligned to 6d16f68 at three sites
                       (L621, L668, L1544); methodology Mermaid node
                       re-labelled 'Baseline 6d16f68'.
  Cross-ref B [MINOR] Snapshot date aligned to 2026-04-17 at two sites
                       (L619, L1542).

Out-of-scope (Info-level forward-refs):
  apache#10, apache#13, apache#15 — Links to docs/security-audit/findings/*.md deliverables
                   not yet present at Checkpoint 1; expected per scope
                   boundary; will resolve at Checkpoint 2 when the 10
                   per-category findings files land.

Validation results (Phase 3):
  - Mermaid fences: all balanced (20 blocks total, all typed)
  - HTML tag balance: 22 sections + all 20+ tag types balanced
  - CDNs intact: reveal.js 5.1.0, Mermaid 11.4.0, Font Awesome 6.6.0
  - Emojis: zero across all 15 artifacts
  - TODOs/placeholders introduced: zero
  - Gantt markers: :crit + plain only (no :done/:active)
  - Cross-artifact consistency: zero wrong SHA/date values remaining
  - Citation ranges: 12 verified against AclCache, QuorumController,
                     AclControlManager, ZstdCompression,
                     SafeObjectInputStream, PropertyFileLoginModule,
                     BrokerJwtValidator, and
                     OAuthBearerUnsecuredValidatorCallbackHandler.

Audit Only rule verification:
  git diff --name-status 6d16f68..HEAD returns only 'A' entries,
  all under docs/security-audit/. Zero modifications, deletions, or
  renames of any pre-existing Kafka path.
blitzy Bot pushed a commit to blitzy-public-samples/blitzy-kafka that referenced this pull request Apr 18, 2026
QA Checkpoint #1 identified 9 MINOR documentation-quality findings
in the Apache Kafka 4.2 security audit deliverables. All 9 findings
are documentation corrections confined to the docs/security-audit/
tree; no source code, tests, or build configuration touched — fully
compliant with the Audit Only rule.

FIXES APPLIED (by QA finding number):

Issue #1 [MINOR] — findings/07-external-function-callback-misuse.md L247
  Validation Checklist cited legacy path
  'internals/secured/BrokerJwtValidator.java'. Updated to current
  Kafka 4.2 canonical path
  'clients/src/main/java/org/apache/kafka/common/security/oauthbearer/BrokerJwtValidator.java'
  with an explanatory note that the class was reorganized out of the
  internals/secured sub-package in a prior Kafka refactor.

Issue apache#2 [MINOR] — findings/08-deserialization-attacks.md L305
  Same pattern as #1 — Validation Checklist updated from
  'internals/secured/{Broker,Client}JwtValidator.java' to
  'clients/.../oauthbearer/{Broker,Client}JwtValidator.java' with
  explanatory note.

Issue apache#3 [MINOR] — findings/09-information-leakage.md L245
  Validation Checklist cited legacy path
  'connect/runtime/src/main/java/org/apache/kafka/connect/runtime/RecordRedactor.java'.
  Updated to current canonical path
  'metadata/src/main/java/org/apache/kafka/metadata/util/RecordRedactor.java'
  with explanatory note.

Issue apache#4 [MINOR] — findings/09-information-leakage.md L248
  Validation Checklist BrokerJwtValidator and ClientJwtValidator paths
  updated to current 'oauthbearer/' canonical paths with explanatory
  note.

Issue apache#5 [MINOR] — findings/10-public-api-developer-misuse.md L298
  Validation Checklist BrokerJwtValidator path updated to current
  'oauthbearer/BrokerJwtValidator.java:L131' canonical path with
  explanatory note.

Issue apache#6 [MINOR] — findings/10-public-api-developer-misuse.md L302
  Validation Checklist cited legacy path
  'server-common/src/main/java/org/apache/kafka/server/config/ReplicationConfigs.java'.
  Updated to current canonical path
  'server/src/main/java/org/apache/kafka/server/config/ReplicationConfigs.java'
  with explanatory note that the file moved from the server-common
  module to the server module in a prior Kafka refactor.

Issue apache#7 [MINOR] — references.md Section 3.1 Configuration
  Added missing entry for 'AllowedPaths.java'
  ('clients/src/main/java/org/apache/kafka/common/config/internals/AllowedPaths.java'),
  inserted between the DirectoryConfigProvider and EnvVarConfigProvider
  entries. Finding 01 cites AllowedPaths 14 times; this bibliography
  gap is now closed.

Issue apache#8 [MINOR] — references.md Section 7 Server Module
  Added missing entry for 'SocketServerConfigs.java'
  ('server/src/main/java/org/apache/kafka/network/SocketServerConfigs.java'),
  inserted after the ReplicationConfigs entry with an inline note
  about the 'org.apache.kafka.network' vs 'org.apache.kafka.server.config'
  package mismatch. Findings 03 (11 cites) and 10 (5 cites) reference
  SocketServerConfigs; this bibliography gap is now closed.

Issue apache#9 [MINOR] — findings/01 and findings/10 section header numbering
  Harmonized H2 section headers to match the numbered 1-10 pattern
  used by findings 02-09. Applied 20 header replacements total:
  10 in finding 01 ('## Category' -> '## 1. Category', etc.),
  10 in finding 10 (same pattern). Validation Checklist and Key
  Insights remain unnumbered per the existing majority convention.
  Content substance is unchanged; only section prefixes updated.

VALIDATION RESULTS:

  - All 6 canonical file paths verified via 'test -f' to exist in
    the Kafka source tree at HEAD.
  - Zero stale 'internals/secured/', 'connect/runtime/.../RecordRedactor',
    or 'server-common/.../ReplicationConfigs' references remain across
    the audit corpus.
  - All 10 findings now have exactly 10 numbered H2 section headers
    (verified via 'grep -cE "^## [0-9]+\. "').
  - Markdown fence balance intact (all diagram files: 4 fences each;
    findings: all balanced).
  - Cross-referenced anchors (DISALLOW_NONE, ALLOW_LEADING_ZEROS,
    AllowedPaths, MAX_RECORDS_PER_USER_OP) preserved.
  - references.md entries verified present (AllowedPaths=1 match,
    SocketServerConfigs=1 match).

AUDIT ONLY RULE COMPLIANCE:

  Modifications confined exclusively to documentation artifacts under
  docs/security-audit/. Zero source code, test, build-configuration,
  or inline-comment modifications. The untracked 'blitzy/' directory
  (pre-existing baseline) is NOT part of this commit.

Files changed: 6 (+46 / -26 lines)
  M docs/security-audit/findings/01-filesystem-access-path-traversal.md
  M docs/security-audit/findings/07-external-function-callback-misuse.md
  M docs/security-audit/findings/08-deserialization-attacks.md
  M docs/security-audit/findings/09-information-leakage.md
  M docs/security-audit/findings/10-public-api-developer-misuse.md
  M docs/security-audit/references.md
blitzy Bot pushed a commit to blitzy-public-samples/blitzy-kafka that referenced this pull request Apr 19, 2026
…ndings

Address QA Final Checkpoint apache#4 findings for unmitigated Critical/High CVEs
in pinned runtime dependencies. Per the user-specified Audit Only rule, no
source code or gradle/dependencies.gradle modifications are performed; this
commit only enhances the docs/security-audit/ deliverable to surface CVE
findings maximally (markdown files explicitly related to the analysis are
permitted by the rule).

New consolidated CVE advisory hub:
- docs/security-audit/cve-snapshot.md (new, 477 lines)
  Aggregates the 3 gating findings (lz4-java CVE-2025-12183 CVSS 8.8 and
  CVE-2025-66566 CVSS 8.2 [Critical x 2]; Jetty CVE-2026-1605 CVSS 7.5
  [High] GzipHandler native-memory DoS) plus 5 informational findings
  (CVE-2026-2332 Jetty HTTP/1.1 chunk-ext Medium; CVE-2026-5795 Jetty
  JASPI Medium but not exploitable in Kafka; CVE-2025-68161 Log4j2
  operator-configuration-dependent Medium; CVE-2026-0636 and CVE-2026-5588
  Bouncy Castle Low and non-exploitable in Kafka). Includes Mermaid
  reachability flowchart, per-CVE mechanism, business impact, and
  future-state operator compensating controls.

Enhanced existing audit artifacts with CVE cross-references:
- docs/security-audit/README.md: dependency table now has CVE Snapshot
  column; cve-snapshot.md added to Core Documents navigation; audit file
  count updated 25 -> 26 and 6 -> 7 core markdowns; perofrmace typo
  preserved verbatim.
- docs/security-audit/dependency-inventory.md: 12 distinct edits add a
  CVE column, enrich Mermaid per-dependency colouring with CVE overlay,
  and document per-dependency CVE posture with fix versions.
- docs/security-audit/severity-matrix.md: 9 edits add new supply-chain
  rows (02.3 lz4-java Critical x 2; 06.6 Jetty GzipHandler High) and
  update pie chart totals to reflect new roll-up counts.
- docs/security-audit/remediation-roadmap.md: 8 edits add Section 3.2.7
  (lz4-java KIP-track migration), Section 3.4.4 (Jetty 12.0.22 supply
  chain upgrade), new Gantt bar (st3), and Section 2/7/8 updates; all
  future-state language (consider/evaluate/may/could) - no imperatives.
- docs/security-audit/findings/02-low-level-code-safety.md: 12
  coordinated edits add lz4-java CVE evidence (02.3), severity entry,
  and business impact narrative.
- docs/security-audit/findings/06-network-subprocess-access.md: 14
  coordinated edits add Jetty GzipHandler CVE evidence (06.6), new
  Section 4.6 and Section 5.6, severity matrix entry, and consequence
  apache#6 in business impact.
- docs/security-audit/executive-summary.html: 3 edits flag CVE findings
  on Slide 18 dependency table via orange/red triangle-exclamation icons
  with title attributes citing the CVE identifiers and badges. 22-slide
  discipline preserved; 0 emojis; reveal.js 5.1.0, Font Awesome 6.6.0,
  and Mermaid 11.4.0 CDN references intact.

No changes to any source tree, build file, or gradle manifest. Only
docs/security-audit/ paths touched. Audit Only rule fully honored.

QA findings addressed:
- Issue 1 (lz4-java Critical x 2): documented with severity, CVSS, CWE,
  business impact, and future-state remediation path (KIP-track)
- Issue 2 (Jetty High): documented with severity, CVSS, GzipHandler DoS
  attack narrative, pre-authentication reachability, and Jetty 12.0.32+ /
  12.1.6+ (or 12.0.34 / 12.1.8) upstream fix versions
- Issue 3/4 (Medium/Low informational): all 5 CVEs documented with
  appropriate severity notes and scope qualifiers (not exploitable in
  Kafka / operator-configuration-dependent / not reachable)