I am working on unblocking Apache Kafka’s 3.4.0 release. Kafka has a dependency on RocksDB 6.29.4.1. We would like to move to a RocksDB version which has zlib 1.2.12 due to NVD - cve-2018-25032. The first version which satisfies this is 7.1.2. However, that version has removed some APIs which Kafka exposes as public interfaces (additional information available at [KAFKA-14324] Upgrade RocksDB to 7.1.2 by clolov · Pull Request #12809 · apache/kafka · GitHub). The ideal solution would be for us to contribute to a new 6.29.x or 6.29.5.x version of RocksDB and upgrade zlib to 1.2.12. Is there any possibility for such a release or all development efforts have moved to 7.x and we should be looking for alternatives?
Best,
Christo