Add CVE-2018-17196, fix some links. (#223)
Fix some links that were pointing to 2.2.
Add CVE-2018-17196 to the cve-list page.
Reviewers: Matthias J. Sax <mjsax@apache.org>
diff --git a/cve-list.html b/cve-list.html
index 4b1651e..a7bb658 100644
--- a/cve-list.html
+++ b/cve-list.html
@@ -8,6 +8,34 @@
This page lists all security vulnerabilities fixed in released versions of Apache Kafka.
+<h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17196">CVE-2018-17196</a>
+<p>In Apache Kafka versions between 0.11.0.0 and 2.1.0, it is possible to manually
+craft a Produce request which bypasses transaction/idempotent ACL validation.
+Only authenticated clients with Write permission on the respective topics are
+able to exploit this vulnerability. Users should upgrade to 2.1.1 or later
+where this vulnerability has been fixed.</p>
+
+<table class="data-table">
+<tbody>
+ <tr>
+ <td>Versions affected</td>
+ <td>0.11.0.0 to 2.1.0</td>
+ </tr>
+ <tr>
+ <td>Fixed versions</td>
+ <td>2.1.1 and later</td>
+ </tr>
+ <tr>
+ <td>Impact</td>
+ <td>This issue could result in privilege escalation.</td>
+ </tr>
+ <tr>
+ <td>Issue announced</td>
+ <td>10 July 2019</td>
+ </tr>
+</tbody>
+</table>
+
<h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288">CVE-2018-1288</a>
Authenticated Kafka clients may interfere with data replication</h2>
diff --git a/intro.html b/intro.html
index ab71a3c..12544fe 100644
--- a/intro.html
+++ b/intro.html
@@ -5,7 +5,7 @@
<div class="right">
<h1>Introduction</h1>
<!-- should always link the the latest release's documentation -->
- <!--#include virtual="22/introduction.html" -->
+ <!--#include virtual="23/introduction.html" -->
<!--#include virtual="includes/_footer.htm" -->
diff --git a/protocol.html b/protocol.html
index cdfb66d..f356929 100644
--- a/protocol.html
+++ b/protocol.html
@@ -1,2 +1,2 @@
<!-- should always link the the latest release's documentation -->
-<!--#include virtual="22/protocol.html" -->
+<!--#include virtual="23/protocol.html" -->
diff --git a/quickstart.html b/quickstart.html
index e7a0f1f..da9da0a 100644
--- a/quickstart.html
+++ b/quickstart.html
@@ -5,7 +5,7 @@
<div class="right">
<h1>Quickstart</h1>
<!-- should always link the the latest release's documentation -->
- <!--#include virtual="22/quickstart.html" -->
+ <!--#include virtual="23/quickstart.html" -->
<!--#include virtual="includes/_footer.htm" -->
<script>
// Show selected style on nav item
diff --git a/uses.html b/uses.html
index fa07951..f826e33 100644
--- a/uses.html
+++ b/uses.html
@@ -6,7 +6,7 @@
<h1>Use cases</h1>
<!-- should always link the the latest release's documentation -->
-<!--#include virtual="22/uses.html" -->
+<!--#include virtual="23/uses.html" -->
<!--#include virtual="includes/_footer.htm" -->
