Closed venkatteki closed 1 year ago
Two nits:
Thank you for the catch with the incorrect versions @naveenmall11
@confluentinc/connect-team1 can you please review this PR
@janjwerner-confluent can we confirm on twistlock that these dependencies are not there on this PR scan?
The latest build 18 takes down the CVE count from 23 in master to 8; the remaining issues are connector breaking. https://twistlock.tools.confluent-internal.io/#!/monitor/vulnerabilities/images/ci?search=Confluent%20Public%20Repo%20PR%20builder%2Fkafka-connect-hdfs%2FPR-652 Please review / test / merge. @venkatteki @snehashisp
@confluentinc/connect-team1 Can you please review?
Verified the connector in kafka-docker-playground. Merging this.
Problem
woodstox-core:5.3.0 and jettison:1.1 are vulnerable.
Solution
Pin woodstox-core:6.5.0 and jettison:1.5.3 to fix the CVE
Does this solution apply anywhere else?
If yes, where?
Test Strategy
Testing done:
Release Plan
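One way to confirm that the pins from the Solution section actually win dependency resolution, as an added example that is not part of this PR or the project's code: parse `mvn dependency:tree` output and flag any resolved woodstox-core or jettison below the pinned version. The function names and the sample tree are assumptions constructed for illustration; the group IDs are the artifacts' published Maven coordinates.

```python
import re

# Minimum versions from the PR description above.
MIN_VERSIONS = {
    "com.fasterxml.woodstox:woodstox-core": (6, 5, 0),
    "org.codehaus.jettison:jettison": (1, 5, 3),
}

# Constructed sample of `mvn dependency:tree` output (not from the PR build).
SAMPLE_TREE = """\
[INFO] org.example:connector:jar:0.0.0-SAMPLE
[INFO] +- org.example:hadoop-client-stub:jar:0.0.0-SAMPLE:compile
[INFO] |  +- com.fasterxml.woodstox:woodstox-core:jar:5.3.0:compile
[INFO] |  \\- org.codehaus.jettison:jettison:jar:1.1:compile
[INFO] \\- org.example:unrelated:jar:2.0:compile
"""

# group:artifact:type[:classifier]:version[:scope]
COORD = re.compile(r"[\w.\-]+(?::[\w.\-]+){3,5}")


def parse_version(text):
    """Turn '1.1' or '6.5.0-SNAPSHOT' into a 3-tuple of ints, zero-padded."""
    nums = [int(n) for n in re.findall(r"\d+", text.split("-")[0])]
    return tuple((nums + [0, 0, 0])[:3])


def find_outdated(tree_text):
    """Return (coordinate, version) for every pinned artifact below its floor."""
    findings = []
    for line in tree_text.splitlines():
        match = COORD.search(line)
        if not match:
            continue
        parts = match.group(0).split(":")
        key = f"{parts[0]}:{parts[1]}"
        # Dependency lines end in :version:scope; the root line ends in :version.
        version = parts[-2] if len(parts) >= 5 else parts[-1]
        floor = MIN_VERSIONS.get(key)
        if floor and parse_version(version) < floor:
            findings.append((key, version))
    return findings


if __name__ == "__main__":
    for coord, version in find_outdated(SAMPLE_TREE):
        print(f"below pinned floor: {coord}:{version}")
```

Running this against the tree from the PR build complements the image scan, since a transitive dependency can still resolve to an older version when the pin is declared in the wrong module.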