来源:Apache Kafka官网
发布日期:2020-01-13
阅读次数:725
评论:0
更新标题
Apache Kafka Connect REST API may expose plaintext secrets in tasks endpoint
更新详情
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are
configured with one or more config providers, and a connector is created/updated on
that Connect cluster to use an externalized secret variable in a substring of a
connector configuration property value (the externalized secret variable is not the
whole configuration property value), then any client can issue a request to
the same Connect cluster to obtain the connector's task configurations and
the response will contain the plaintext secret rather than the externalized secrets variable.
Users should upgrade to 2.0.2 or higher, 2.1.2 or higher, 2.2.2 or higher, or 2.3.1 or higher
where this vulnerability has been fixed.
软件描述
Apache Kafka是一个分布式发布 - 订阅消息系统和一个强大的队列,可以处理大量的数据,并使你能够将消息从一个端点传递到另一个端点。 Kafka适合离线和在线消息消费。 Kafka消息保留在磁盘上,并在群集内复制以防止数据丢失。 Kafka构建在ZooKeeper同步服务之上。 它与Apache Storm和Spark非常好地集成,用于实时流式数据分析。
评论