Chapter 6. Fixed issues

The following sections list the issues fixed in AMQ Streams 2.2.x. Red Hat recommends that you upgrade to the latest patch release.

For details of the issues fixed in Kafka 3.2.0, 3.2.1, and 3.2.3, refer to the Kafka 3.2.0 Release Notes, Kafka 3.2.1 Release Notes, and Kafka 3.2.3 Release Notes.

6.1. Fixed issues for AMQ Streams 2.2.2

The AMQ Streams 2.2.2 patch release (Long Term Support) is now available.

HTTP/2 DoS vulnerability (CVE-2023-44487)

The release addresses CVE-2023-44487, a critical Denial of Service (DoS) vulnerability in the HTTP/2 protocol. The vulnerability stems from mishandling multiplexed streams: a malicious client repeatedly requests new streams and promptly cancels each one with an RST_STREAM frame. By doing so, the attacker forces the server to expend resources setting up and tearing down streams without ever reaching the server-side limit for active streams per connection. For more information, see the CVE-2023-44487 page.
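
The stream churn described above can be spotted on the server side even though the concurrent-stream limit is never hit. The following Python model is an added illustration, not code from AMQ Streams or Red Hat: it tracks one connection's open streams and counts client RST_STREAM frames in a sliding window, and the frame events, window length and threshold are constructed assumptions.

```python
from collections import deque

# Constructed, simplified server-side model of one HTTP/2 connection.
# Frame events are (timestamp_seconds, frame_type, stream_id) tuples built
# inline; the window and threshold are assumed values, not AMQ Streams settings.
MAX_CONCURRENT_STREAMS = 100   # advertised limit that rapid reset never reaches
RESET_WINDOW_SECONDS = 1.0     # sliding window for counting client resets
RESET_THRESHOLD = 50           # resets per window that mark a connection abusive


class ConnectionTracker:
    """Tracks open streams and the client RST_STREAM rate for one connection."""

    def __init__(self):
        self.active = set()        # stream ids currently open
        self.peak_active = 0       # highest concurrent stream count observed
        self.resets = deque()      # RST_STREAM timestamps inside the window
        self.flagged = False

    def on_frame(self, ts, frame_type, stream_id):
        if frame_type == "HEADERS":            # client opens a new stream
            self.active.add(stream_id)
            self.peak_active = max(self.peak_active, len(self.active))
        elif frame_type == "RST_STREAM":       # client cancels the stream
            self.active.discard(stream_id)
            self.resets.append(ts)
            while self.resets and ts - self.resets[0] > RESET_WINDOW_SECONDS:
                self.resets.popleft()          # drop resets outside the window
            if len(self.resets) > RESET_THRESHOLD:
                self.flagged = True


def rapid_reset_frames(count, interval=0.001):
    """Constructed client behaviour: open a stream, cancel it at once, repeat."""
    frames = []
    for i in range(count):
        stream_id = 2 * i + 1                  # client streams use odd ids
        frames.append((i * interval, "HEADERS", stream_id))
        frames.append((i * interval, "RST_STREAM", stream_id))
    return frames


def analyse(frames):
    """Replay frames through the tracker and report what a limit-only server misses."""
    tracker = ConnectionTracker()
    for ts, frame_type, stream_id in frames:
        tracker.on_frame(ts, frame_type, stream_id)
    return {"peak_active": tracker.peak_active,
            "under_stream_limit": tracker.peak_active <= MAX_CONCURRENT_STREAMS,
            "flagged": tracker.flagged}
```

A rapid-reset client keeps peak_active at 1, so the concurrent-stream limit alone never triggers, while the reset-rate check does.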

For additional details about the issues resolved in AMQ Streams 2.2.2, see AMQ Streams 2.2.x Resolved Issues.

6.2. Fixed issues for AMQ Streams 2.2.1

For additional details about the issues resolved in AMQ Streams 2.2.1, see AMQ Streams 2.2.x Resolved Issues.

6.3. Fixed issues for AMQ Streams 2.2.0

Table 6.1. Fixed issues

Issue Number  Description
[KAFKA] MirrorMaker 2.0 negative lag
"VertxException: Thread blocked" during Topic Operator startup
Bridge should not use slf4j-api and log4j-api at the same time
Improve logging in KafkaRoller
Fix non-cascading deletion of the StrimziPodSet resources
Reconciliation failures for KafkaConnector resources are not counted in operator metrics
Rolling update force-rolls pods during cluster startup
Add support for parsing storage in millibyte units
Fail reconciliation when an invalid storage unit is used
Avoid unnecessary rolling updates of the Cruise Control deployment
Missing annotation ANNO_STRIMZI_IO_CLUSTER_CA_CERT_GENERATION on pods causes errors in the CO log during Kafka reconciliations
Kafka Connect Build should fail when curl download fails
Errors on KafkaRebalance custom resource not logged properly
Handle FIPS mode in the AMQ Streams Drain Cleaner
[KAFKA] Unauthenticated clients may cause OutOfMemoryError on brokers

Table 6.2. Fixed common vulnerabilities and exposures (CVEs)

Issue Number  Description
CVE-2020-36518  jackson-databind: denial of service via a large depth of nested objects
CVE-2022-24823  netty: world readable temporary file containing sensitive data
CVE-2022-25647 Deserialization of Untrusted Data in