confluentinc / common

Common utilities library containing metrics, config and utils
Apache License 2.0
1 star, 241 forks

APPSEC-4267: update azure-identity to 1.12.2 #622

Closed janjwerner-confluent closed 5 days ago

janjwerner-confluent commented 1 month ago

Update azure identity to resolve CVE-2024-35255

trnguyencflt commented 1 month ago

@janjwerner-confluent could you please check if this version of azure-identity matches the corresponding version of azure-storage in the azure parent pom? The two dependencies need to be upgraded together. In the past, we had an issue where only one azure-identity was updated, which caused an issue in the storage module, which uses an incompatible version of azure-storage.

janjwerner-confluent commented 1 month ago

Hey Truc, thanks for checking, we can wait with this update until the end of the month (we have code freeze anyways) and update all the azure dependencies in unison. There is KSECURITY-4212 that handles this issue for ce-kafka. The matching version is still in beta (https://mvnrepository.com/artifact/com.azure/azure-storage-blob/12.27.0-beta.1).

trnguyencflt commented 1 month ago

> Thanks for checking, we can wait with this update until the end of the month (we have code freeze anyways) and update all the azure dependencies in unison

Makes sense, thanks 👍
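The coupling raised in this thread can be checked mechanically before merge. The following is an added example, not code from this PR or from confluentinc/common: it compares a POM before and after a change, flags an azure-identity pin below 1.12.2, and flags a change to only one of the two artifacts. The POM layout, the property name and the old version numbers are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"m": "http://maven.apache.org/POM/4.0.0"}
FLOOR = (1, 12, 2)  # azure-identity version this PR moves to
COUPLED = ("azure-identity", "azure-storage-blob")  # artifacts the thread says move together

def azure_versions(pom_xml):
    """Return {artifactId: version} for com.azure dependencies, resolving ${property} refs."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    found = {}
    for dep in root.iterfind(".//m:dependency", NS):
        if dep.findtext("m:groupId", "", NS).strip() != "com.azure":
            continue
        ver = dep.findtext("m:version", "", NS).strip()
        if ver.startswith("${") and ver.endswith("}"):
            ver = props.get(ver[2:-1], ver)  # unresolved refs are kept verbatim
        found[dep.findtext("m:artifactId", "", NS).strip()] = ver
    return found

def numeric(version):  # '1.12.2' -> (1, 12, 2); a qualifier such as '-beta.1' is dropped
    return tuple(int(x) for x in version.split("-")[0].split("."))

def review(old_pom, new_pom):  # returns a list of findings, empty when the change is consistent
    old, new = azure_versions(old_pom), azure_versions(new_pom)
    findings = []
    ident = new.get("azure-identity")
    if ident and numeric(ident) < FLOOR:
        findings.append(f"azure-identity {ident} is below 1.12.2")
    changed = [a for a in COUPLED if a in old and a in new and old[a] != new[a]]
    if len(changed) == 1:
        other = next(a for a in COUPLED if a != changed[0])
        findings.append(f"{changed[0]} changed but {other} did not")
    return findings

def sample_pom(identity, storage):  # constructed input, not the project's pom.xml
    return f"""<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><azure.identity.version>{identity}</azure.identity.version></properties>
  <dependencyManagement><dependencies>
    <dependency><groupId>com.azure</groupId><artifactId>azure-identity</artifactId>
      <version>${{azure.identity.version}}</version></dependency>
    <dependency><groupId>com.azure</groupId><artifactId>azure-storage-blob</artifactId>
      <version>{storage}</version></dependency>
  </dependencies></dependencyManagement>
</project>"""

if __name__ == "__main__":
    print(review(sample_pom("1.11.0", "12.25.0"), sample_pom("1.12.2", "12.25.0")))
```

The check only knows that the two artifacts changed together, not that the chosen pair is compatible; that still has to come from the Azure parent pom the thread refers to.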