ChangeLog: https://downloads.apache.org/kafka/3.6.1/RELEASE_NOTES.html
Improvement
* In Java-client, backoff should be skipped for retried producer-batch to a new
leader
* Upgrade ZooKeeper to 3.8.3
Bug
* block-cache-capacity metrics worth twice as much as normal
* Gradle build fails with missing commitId after git gc
* Concurrency bug in RemoteIndexCache leads to IOException
* RackId doesn't exist error while running WordCountDemo
* Handle large keystores in SslEngineValidator
* Duplicate Producer ID blocks during ZK migration
* StateRestoreListener#onRestoreSuspended is never called because wrapper
DelegatingStateRestoreListener doesn't implement onRestoreSuspended
* Breaking change in 3.4.0 ByteBufferSerializer
* Topics marked for deletion in ZK are incorrectly migrated to KRaft
* Possible NPE is thrown in MirrorCheckpointTask
* Fix CVE-2023-4586 in netty:handler
* NPE in ChunkedByteStream
* Zookeeper.jar | CVE-2023-44981
* Partition-Count is not getting updated Correctly in the Incremental
Co-operative Rebalancing(ICR) Mode of Rebalancing
* Disabling scheduled rebalance delay in Connect can lead to indefinitely
unassigned connectors and tasks
* LeaveGroupResponse v0-v2 should handle no members
* ProduceRequest#partitionSizes() is not an atomic operation
* ZK brokers incorrectly handle KRaft metadata snapshots
* Malformed connect source offsets corrupt other partitions with DataException
* Trying to access uncopied segments metadata on listOffsets
* KRaft controller writes empty state to ZK after migration
Task
* Add 3.5.0 to broker/client and streams upgrade/compatibility tests
* Rolling upgrade system tests are failing
* Remote log segments should be considered once for retention breach
* Add 3.4.0 streams upgrade/compatibility tests
Test
* Add tests for RemoteIndexCache
* Flaky test ZkMigrationIntegrationTest.testMigrateTopicDeletions
PR: 275611
Reported by: timp87@gmail.com
MFH: 2023Q4 (security fix)
Security: CVE-2023-4586
Authorization Bypass Through User-Controlled Key vulnerability in Apache
ZooKeeper.
Note that this only affects SASL Quorum Peer authentication which is
not enabled by default.
Base Score: 9.1 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
PR: 275611
strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated
remote code execution via a DH public value that exceeds the internal buffer in
charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can
occur via a crafted IKE_SA_INIT message.
NVD score not yet provided.
PR: 275620
mpifx does not build with MPICH-4.x:
see <https://github.com/dftbplus/mpifx/issues/48>.
A fix for this issue has been committed, but nothing has been released yet:
meanwhile I propose the attached patch to a recent tag in order to fix the
error.
Remark: this fix requires mpi_f08.mod, to be installed by MPICH.
PR: 275432
Approved by: yuri@ (maintainer)
Upgrade to 4.1.2
Release notes at <https://www.mpich.org/2023/06/08/mpich-4-1-2-released/>.
It also installs mpi_f08.mod and some other interfaces, but this requires
ISO_Fortran_binding.h to be found.
PR: 275317
Exp-run by: antoine@
The code generator was ported from C to Python for version 6.8.0 and
there were a few typos and bugs in it causing build failure of some
ports like graphics/qgis.
Reported by: rhurlin