NES for Apache Kafka Release Notes
Comprehensive release notes and changelog for NES for Apache Kafka, including security patches, bug fixes, and feature updates across all supported versions.
4 Patched Vulnerabilities
Kafka
3.1.3 (NES) - November 15, 2025
Notes
- This release originates from the open-source Kafka project forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds.
Bug Fixes
This release patches the following:
- CVE-2023-25194: potentially enables remote code execution via unsafe Java deserialization
- CVE-2024-31141: allows an attacker who can supply untrusted client or connector configuration to abuse built-in ConfigProviders to read arbitrary files or environment variables
- CVE-2025-27817: allows an attacker who can supply untrusted client or connector configuration to misuse OAuth-related SASL settings to trigger arbitrary file reads or SSRF
- CVE-2024-56128: potentially enables an attacker with plaintext visibility into a SCRAM authentication exchange to exploit the lack of required nonce verification
Full Version: 3.1.2-kafka-3.1.3