HeroDevs
Visit NES for Kafka Home Page

Release Notes

Complete Changelog for NES for Kafka

Kafka

3.1.3 (NES) - November 15, 2025

Notes

  • This release originates from the open‑source Kafka project forked by HeroDevs. It encompasses modifications implemented by HeroDevs to ensure successful framework builds.

Bug Fixes

This release patches the following:

  • CVE-2023-25194: potentially enabling remote code execution via unsafe Java deserialization
  • CVE-2024-31141: allows an attacker who can supply untrusted client or connector configuration to abuse built-in ConfigProviders to read arbitrary files or environment variables
  • CVE-2025-27817: allows an attacker who can supply untrusted client or connector configuration to misuse OAuth-related SASL settings to trigger arbitrary file reads or SSRF
  • CVE-2024-56128: potentially enables an attacker with plaintext visibility into a SCRAM authentication exchange to exploit the lack of required nonce verification

Full Version: 3.1.2-kafka-3.1.3

Setup
Installation and configuration guide for NES for Kafka 3.1.x
Previous Article
Published Maven Packages
Available versions of NES Maven artifacts
Next Article