kafka-connect-storage-common

Update pom.xml to use hadoop version 3.2.4

Open tojaroslaw opened this issue 3 years ago • 5 comments

Update pom.xml to use hadoop version 3.3.3 to remediate security vulnerabilities

CVE-2021-37404 CVE-2022-26612

This addresses the issue raised here: https://github.com/confluentinc/kafka-connect-storage-cloud/issues/508

Problem

Solution

Does this solution apply anywhere else?
  • [ ] yes
  • [ ] no
If yes, where?

Test Strategy

Testing done:
  • [ ] Unit tests
  • [ ] Integration tests
  • [ ] System tests
  • [ ] Manual tests

Release Plan

tojaroslaw, Jul 21 '22 19:07

CLA assistant check
All committers have signed the CLA.

CLAassistant, Jul 21 '22 19:07

My team is tracking these CVEs. Any chance this PR will be going in soon?

cameronwaterman, Aug 05 '22 18:08

@kkonstantine, would you be able to review this dependency update? This is required to resolve two critical security vulnerabilities.

maxgax, Aug 22 '22 20:08

Is this PR going to get merged soon?

nabinnepal, Sep 09 '22 16:09

I'd love to be able to merge this if someone from Confluent could review it @kkonstantine?

tojaroslaw, Sep 12 '22 20:09