confluentinc / kafka-connect-datagen

Connector that generates data for demos

Apache License 2.0

20 stars 87 forks source link

CC-25375: CVE fix for apache common-compress package #148

Closed kapilchhajer closed 8 months ago

kapilchhajer commented 8 months ago

Problem

[CVE-2024-25710](https://nvd.nist.gov/vuln/detail/CVE-2024-25710) : Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.

Solution

Upgrade package commons.compress to 1.26.0

Does this solution apply anywhere else?

[ ] yes
[ ] no

If yes, where?

Test Strategy

Testing done:

[x] Unit tests
[ ] Integration tests
[ ] System tests
[x] Manual tests

Release Plan

sonarqube-confluent[bot] commented 8 months ago

Passed

Analysis Details

0 Issues

0 Bugs
0 Vulnerabilities
0 Code Smells

Coverage and Duplications

No coverage information (82.90% Estimated after merge)
0.00% Duplicated Code (1.90% Estimated after merge)

Project ID: kafka-connect-datagen

View in SonarQube