The list below reflects the Apache Kafka versions that are currently actively maintained. For the Kafka KRaft on K8s project, the versions below will be supported.

| Version | Supported |
|---|---|
| 3.7.0 | ✅ |
| 3.6.1 | ✅ |
| 3.5.2 | ✅ |
| 3.5.0 | ❌ |
| 3.4.1 | ❌ |
| 3.4.0 | ❌ |

- Start with a descriptive title that summarizes the security vulnerability. In the issue description, provide a clear and detailed explanation of the vulnerability, including what it is, how it can be exploited, and the potential impact.
- Specify the versions or branches of the software or project that are affected by the vulnerability. This helps the maintainers identify the scope of the issue and determine if it has been addressed in newer releases.
- Include step-by-step instructions on how to reproduce the vulnerability. This allows the maintainers to verify the issue and understand the specific conditions under which it occurs.
- If possible, provide a minimal, standalone code snippet or a sample project that demonstrates the vulnerability. This helps the maintainers understand the technical details and aids in the debugging process.
- Describe the potential impact and consequences of the vulnerability. This can include unauthorized access, data leakage, privilege escalation, denial of service, or any other security risks associated with the vulnerability.
- If you have identified any potential mitigations or workarounds for the vulnerability, include them in your report. This can assist the maintainers in providing interim solutions to protect users while a permanent fix is developed.
- If you have obtained a CVE identifier for the vulnerability, include it in the report. A CVE identifier is a unique identifier assigned to publicly known vulnerabilities and helps in tracking and referencing the issue.
- Provide your contact information, such as your email address or any other preferred method of communication. This allows the maintainers to reach out to you for further clarification or updates on the vulnerability.