adobe / experience-platform-streaming-connect

Experience platform Streaming Connectors for Data Ingress
Apache License 2.0
23 stars, 20 forks

Connector Vulnerabilities #44

Closed ddonaghy-c closed 1 year ago

ddonaghy-c commented 1 year ago

Subject of the issue

Connector Vulnerabilities

We regularly perform security scans on Confluent Hub connectors, as per Confluent’s security policy. Unfortunately this connector has been flagged as having unacceptable vulnerabilities and our policy is to escalate the connector to removal stages, unless we receive confirmation that the issues are being addressed by the partner.

I have attached the vulnerability scan (adobe.csv) to this issue. Please note that we acknowledge two exceptions for vulnerabilities raised:

- Partner confirms that vulnerability is a false positive
- Partner confirms that the issue is valid but not exploitable

Please can you acknowledge receipt of this email, and as soon as possible thereafter let us know your position on these vulnerabilities.

If you require further information on any of the above, please do not hesitate to get in touch.

Best regards, Confluent CCET Team

nipunnair commented 1 year ago

@ddonaghy-c acknowledged. I see that the request here is to upgrade the version of org.json jar from json-20180130.jar to json-20230227.jar. We will look into it and release an update. cc @vivetiwa

garghima commented 1 year ago

PR - https://github.com/adobe/experience-platform-streaming-connect/pull/47

pinaruyar commented 1 year ago

Dear Adobe Team,

We experience an error with the manifest file of the new connector release:

With the manifest.json file Error parsing manifest file manifest.json com.fasterxml.jackson.databind.exc.MismatchedInputException: Cannot deserialize instance of java.util.ArrayList out of VALUE_STRING token at [Source: (FileInputStream); line: 8, column: 17]

If this issue is fixed up we should be good to go since no vulnerabilities detected at the moment.

Best Regards, CCET Team

vivetiwa commented 1 year ago

@pinaruyar - Could you please point to the attribute which is failing to deserialise, as the manifest.json below is valid -

{
  "component_types": [ "sink" ],
  "description": "Adobe Experience Platform Stream connector is based on Kafka Connect. Use this library to stream JSON events from Kafka topics in your datacenter directly into a Adobe Experience Platform in real-time.",
  "docker_image": {
    "tag": "0.0.17",
    "name": "experience-platform-streaming-connect",
    "namespace": "adobe",
    "registry": "ghcr.io"
  },
  "documentation_url": "https://github.com/adobe/experience-platform-streaming-connect",
  "features": {
    "confluent_control_center_integration": true,
    "delivery_guarantee": [ "at_least_once"],
    "kafka_connect_api": true,
    "single_message_transforms": true,
    "supported_encodings": [ "json" ]
  },
  "license": [
    {
      "name": "Apache License, Version 2.0",
      "url": "http://www.apache.org/licenses/LICENSE-2.0",
      "logo": "assets/apache_logo.png"
    }
  ],
  "logo": "assets/adobe.png",
  "name": "streaming-connect-sink",
  "owner": {
    "logo": "assets/adobe.png",
    "name": "Adobe Inc.",
    "type": "organization",
    "username": "adobeinc"
  },
  "requirements": [ "AEP Platform Account" ],
  "support": {
    "logo": "assets/adobe.png",
    "provider_name": "Adobe Inc.",
    "summary": "Please file issues, suggest changes or feature requests and question at  https://github.com/adobe/experience-platform-streaming-connect/issues",
    "url": "https://github.com/adobe/experience-platform-streaming-connect/issues"
  },
  "tags": ["Adobe", "Kafka Connect", "Sink"],
  "title": "Adobe Experience Platform Sink Connector",
  "version": "0.0.17"
}

Thanks, Vivek

pinaruyar commented 1 year ago

Hi @vivetiwa, on the 8th line of the manifest file the registry attribute expects a string array rather than a string. Changing "registry": "ghcr.io" to "registry": ["ghcr.io"] should be enough.

Best Regards, CCET Team
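A pre-upload lint for the manifest, as an added example that is not part of the adobe/experience-platform-streaming-connect project or of the Confluent Hub tooling. It encodes the one constraint the thread establishes (docker_image.registry must be a JSON array of strings, which is what the Jackson "Cannot deserialize instance of java.util.ArrayList out of VALUE_STRING token" error is complaining about), applies the fix pinaruyar describes, and additionally checks the other array-valued fields and the tag/version agreement seen in the manifest posted above; those extra checks are assumptions drawn from that manifest's shape, not a published Hub schema. The sample manifest is a constructed, trimmed copy of the 0.0.17 one.

```python
"""Lint a Confluent Hub connector manifest.json before upload.

Added example, not project code. Constraint from the thread: docker_image.registry
is an array of strings. Other expectations below are assumed from the shape of the
0.0.17 manifest, not from a documented schema.
"""
import json
from typing import Any, Dict, List, Optional, Tuple

# path -> (container type, element type or None). Only the registry entry is
# confirmed by the thread; the rest mirror the posted manifest (assumption).
EXPECTED: Dict[Tuple[str, ...], Tuple[type, Optional[type]]] = {
    ("component_types",): (list, str),
    ("docker_image", "registry"): (list, str),  # hub parser wants ArrayList, not VALUE_STRING
    ("docker_image", "tag"): (str, None),
    ("features", "delivery_guarantee"): (list, str),
    ("features", "supported_encodings"): (list, str),
    ("license",): (list, dict),
    ("requirements",): (list, str),
    ("tags",): (list, str),
    ("version",): (str, None),
}


def _get(obj: Any, path: Tuple[str, ...]) -> Any:
    """Walk a dotted path through nested dicts; None if any key is absent."""
    for key in path:
        if not isinstance(obj, dict) or key not in obj:
            return None
        obj = obj[key]
    return obj


def lint_manifest(manifest: Dict[str, Any]) -> List[str]:
    """Return a list of problems ("path: message"); empty means it passes."""
    problems: List[str] = []
    for path, (container, elem) in EXPECTED.items():
        dotted = ".".join(path)
        value = _get(manifest, path)
        if value is None:
            problems.append(f"{dotted}: missing")
        elif not isinstance(value, container):
            problems.append(
                f"{dotted}: expected {container.__name__}, got {type(value).__name__} ({value!r})"
            )
        elif elem is not None and not all(isinstance(v, elem) for v in value):
            problems.append(f"{dotted}: every element must be a {elem.__name__}")
    # Assumed consistency check: the image tag and connector version match in
    # both manifests shown in the thread (0.0.17, then 0.0.18).
    tag, version = _get(manifest, ("docker_image", "tag")), _get(manifest, ("version",))
    if isinstance(tag, str) and isinstance(version, str) and tag != version:
        problems.append(f"docker_image.tag/version: {tag!r} != {version!r}")
    return problems


def fix_registry(manifest: Dict[str, Any]) -> Dict[str, Any]:
    """Apply the fix from the thread: wrap a bare registry string in a list."""
    fixed = json.loads(json.dumps(manifest))  # deep copy, leave the input alone
    registry = fixed.get("docker_image", {}).get("registry")
    if isinstance(registry, str):
        fixed["docker_image"]["registry"] = [registry]
    return fixed


# Constructed sample: trimmed 0.0.17 manifest with the offending string registry.
BROKEN_MANIFEST: Dict[str, Any] = json.loads("""
{
  "component_types": ["sink"],
  "docker_image": {
    "tag": "0.0.17",
    "name": "experience-platform-streaming-connect",
    "namespace": "adobe",
    "registry": "ghcr.io"
  },
  "features": {
    "delivery_guarantee": ["at_least_once"],
    "supported_encodings": ["json"]
  },
  "license": [{"name": "Apache License, Version 2.0"}],
  "name": "streaming-connect-sink",
  "requirements": ["AEP Platform Account"],
  "tags": ["Adobe", "Kafka Connect", "Sink"],
  "version": "0.0.17"
}
""")

if __name__ == "__main__":
    for problem in lint_manifest(BROKEN_MANIFEST):
        print("before fix:", problem)
    print("after fix:", lint_manifest(fix_registry(BROKEN_MANIFEST)) or "clean")
```

Run it against the real manifest.json by replacing BROKEN_MANIFEST with json.load(open("manifest.json")); a non-empty result is the same class of error the Hub parser would raise, caught before the upload.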

vivetiwa commented 1 year ago

PR - https://github.com/adobe/experience-platform-streaming-connect/pull/48

vivetiwa commented 1 year ago

Done, merged the PR.

"docker_image": {
    "tag": "0.0.18",
    "name": "experience-platform-streaming-connect",
    "namespace": "adobe",
    "registry": ["ghcr.io"]
  }

pinaruyar commented 1 year ago

The latest version of the connector has been uploaded to the Confluent Hub and it should be available for download shortly.

Thanks for your assistance.

Regards, CCET Team