[RELEASE] Kafka Connect ScyllaDB Sink Connector v1.1.5

nikagra · May 26, 2026, 5:25pm

Hi everyone,

We’re happy to announce the release of Kafka Connect ScyllaDB Sink Connector v1.1.5. This is a patch release focused on security remediations for transitive dependencies.

What’s Changed

CVE-2026-35554 (Kafka Clients): A race condition in the Kafka Java producer buffer pool could cause silent message misrouting and data corruption. Fixed by bumping kafka-clients to 3.9.2. (#163)
CVE-2026-42583 (Netty): Lz4FrameDecoder in netty-codec prior to 4.1.133.Final allocates up to 32 MB per block before decompression, allowing a peer to trigger memory exhaustion (DoS) with a crafted LZ4 header. Fixed by overriding netty to 4.1.133.Final. (#165)
Jackson updated to 2.21.3. (#157)
ScyllaDB Java Driver updated to 4.19.0.9. (#159)

Who should upgrade

This release is recommended for all users, especially those running in environments exposed to untrusted network peers (due to the Netty DoS fix) or producing to multiple topics (due to the Kafka data corruption fix).

Links

Full Changelog: Comparing 1.1.4...1.1.5 · scylladb/kafka-connect-scylladb · GitHub
GitHub Release: Release 1.1.5 · scylladb/kafka-connect-scylladb · GitHub

As always, feel free to report any issues on GitHub.

Topic		Replies	Views
Unable to config kafka-scylla-sink connector(Kafka topic to Scylla Table) ScyllaDB error-message , kafka , configuration	1	133	December 22, 2024
Not able to create Kafka source connector ScyllaDB troubleshooting , kafka	1	507	January 16, 2024
[RELEASE] Scylla CDC Source Connector v2.0.1 Release Notes release , cdc , kafka	0	22	March 20, 2026
New Kafka and ScyllaDB lab on ScyllaDB University University and Training cdc , kafka , integration , scylladb-university	0	666	January 23, 2023
[RELEASE] Scylla CDC Source Connector v2.0.0 Release Notes release , cdc	0	39	February 3, 2026

[RELEASE] Kafka Connect ScyllaDB Sink Connector v1.1.5

What’s Changed

Who should upgrade

Links

Related topics