Instaclustr is pleased to announce the immediate general availability of Instaclustr for Apache Kafka® and Apache Kafka® Connect 2.8.2, 3.0.2, and 3.1.2 on our managed platform.
These versions of Apache Kafka include the fix for CVE-2022-34917 (which we previously provided advice on in this blog post) along with other bug fixes. While Kafka Connect is not impacted by the CVE, these new versions do include several bug fixes, and customers are recommended to upgrade. Upgrading from one bugfix release to the next (i.e. from 2.8.1 to 2.8.2, or from 3.0.0 to 3.0.2, or from 3.1.1 to 3.1.2) should not cause compatibility issues since the newer versions do not introduce any breaking changes.
As communicated recently as part of the operating system patching notification to all customers, customers on Kafka and Kafka Connect versions 2.8.1, 3.0.2, and 3.1.2 will be upgraded to the respective new bugfix versions during the upcoming operating system upgrades.
Customers on Kafka and Kafka Connect versions lower than 2.8.1 have been individually notified of the need to upgrade to receive the fix for this CVE, and we recommend getting in touch with us via our support website to schedule upgrades as soon as possible. Our recommendation is based on the results from our internal investigations which identified that older versions of Kafka are also likely susceptible to the same issues as listed in the CVE.
With the release of these new Kafka and Kafka Connect versions, we have now marked the superseded Kafka and Kafka Connect versions 2.8.1, 3.0.0, and 3.1.1 as being in the lifecycle state of Closed. For new customers this means they will not have the option of provisioning new clusters of these Closed versions. They are recommended to use one of the generally available versions. For existing customers who are running clusters on any of the Closed versions, they will continue to have access to that Closed version to allow them time to undertake testing, client upgrades etc. and prepare to upgrade to one of the generally available versions.
If you require any further clarification or assistance, please feel free to reach out to us via our support website.