CVE-2025-27817 kafka client 3.7.2 -> 3.9.1 (NetworkReceive.java has no code changes in the Kafka upstream)
This commit is contained in:
Sergey Matvienko
parent
402cf9b5aa
commit
6e4ee1eb44
@ -103,13 +103,13 @@ public class NetworkReceive implements Receive {
|
||||
if (maxSize != UNLIMITED && receiveSize > maxSize) {
|
||||
throw new ThingsboardKafkaClientError("Invalid receive (size = " + receiveSize + " larger than " + maxSize + ")");
|
||||
}
|
||||
requestedBufferSize = receiveSize; //may be 0 for some payloads (SASL)
|
||||
requestedBufferSize = receiveSize; // may be 0 for some payloads (SASL)
|
||||
if (receiveSize == 0) {
|
||||
buffer = EMPTY_BUFFER;
|
||||
}
|
||||
}
|
||||
}
|
||||
if (buffer == null && requestedBufferSize != -1) { //we know the size we want but havent been able to allocate it yet
|
||||
if (buffer == null && requestedBufferSize != -1) { // we know the size we want but haven't been able to allocate it yet
|
||||
if (requestedBufferSize > TB_LOG_REQUESTED_BUFFER_SIZE) {
|
||||
String stackTrace = Arrays.stream(Thread.currentThread().getStackTrace()).map(StackTraceElement::toString).collect(Collectors.joining("|"));
|
||||
log.error("Allocating buffer of size {} for source {}", requestedBufferSize, source);
|
||||
|
||||
2
pom.xml
2
pom.xml
@ -113,7 +113,7 @@
|
||||
<!-- IMPORTANT: If you change the version of the kafka client, make sure to synchronize our overwritten implementation of the
|
||||
org.apache.kafka.common.network.NetworkReceive class in the application module. It addresses the issue https://issues.apache.org/jira/browse/KAFKA-4090.
|
||||
Here is the source to track https://github.com/apache/kafka/tree/trunk/clients/src/main/java/org/apache/kafka/common/network -->
|
||||
<kafka.version>3.7.2</kafka.version>
|
||||
<kafka.version>3.9.1</kafka.version>
|
||||
<bucket4j.version>8.10.1</bucket4j.version>
|
||||
<antlr.version>3.5.3</antlr.version>
|
||||
<snakeyaml.version>2.2</snakeyaml.version>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user