Fix Avro CVE - Githubissues

confluentinc / kafka-connect-datagen

Connector that generates data for demos

Apache License 2.0

19 stars 87 forks source link

Fix Avro CVE #136

Closed srishti-saraswat closed 12 months ago

srishti-saraswat commented 12 months ago

Problem

https://confluentinc.atlassian.net/browse/CC-22818 https://confluentinc.atlassian.net/browse/SECOPS-15591

Solution

Update common version and remove unused pinned avro version. Fix schema for transaction.avro

Does this solution apply anywhere else?

[ ] yes
[ ] no

If yes, where?

Test Strategy

mvn dependency:tree | grep org.apache.avro       
[INFO] |  +- org.apache.avro:avro:jar:1.11.3:compile

Testing done:

[ ] Unit tests
[ ] Integration tests
[ ] System tests
[ ] Manual tests

Release Plan

srishti-saraswat commented 12 months ago

Build - https://jenkins.confluent.io/job/Confluent%20Public%20Repo%20PR%20builder/job/kafka-connect-datagen/view/change-requests/job/PR-136/4/

srishti-saraswat commented 12 months ago

Build - https://jenkins.confluent.io/job/Confluent%20Public%20Repo%20PR%20builder/job/kafka-connect-datagen/view/change-requests/job/PR-136/5/