confluentinc / kafka-connect-datagen

Connector that generates data for demos
Apache License 2.0
20 stars 87 forks source link

CC-25375: CVE fix for apache common-compress package #148

Closed kapilchhajer closed 8 months ago

kapilchhajer commented 8 months ago

Problem

[CVE-2024-25710](https://nvd.nist.gov/vuln/detail/CVE-2024-25710) : Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

Solution

Upgrade package commons.compress to 1.26.0

Does this solution apply anywhere else?
If yes, where?

Test Strategy

Testing done:

Release Plan

sonarqube-confluent[bot] commented 8 months ago

Passed

Analysis Details

0 Issues

Coverage and Duplications

Project ID: kafka-connect-datagen

View in SonarQube