Closed sp-gupta closed 1 year ago
Vulnerable dependency "postgresql" for kafka-connect-jdbc CVE: https://confluentinc.atlassian.net/browse/CCDB-5300
Upgrade postgresql to 42.4.3 as per here.
mvn dependency:tree output
mvn dependency:tree
[INFO] +- org.xerial:sqlite-jdbc:jar:3.25.2:runtime
[INFO] +- org.postgresql:postgresql:jar:42.4.3:runtime
[INFO] | \- org.checkerframework:checker-qual:jar:3.5.0:runtime
[INFO] +- com.oracle.database.jdbc:ojdbc8-production:pom:19.7.0.0:runtime
[INFO] | +- com.oracle.database.jdbc:ojdbc8:jar:19.7.0.0:runtime
All committers have signed the CLA.
Problem
Vulnerable dependency "postgresql" for kafka-connect-jdbc CVE: https://confluentinc.atlassian.net/browse/CCDB-5300
Solution
Upgrade postgresql to 42.4.3 as per here.
Does this solution apply anywhere else?
If yes, where?
Test Strategy
mvn dependency:tree output
Testing done:
Release Plan
[CCDB-5300]: https://confluentinc.atlassian.net/browse/CCDB-5300
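The test strategy above relies on reading the `mvn dependency:tree` output by eye. As an added example (not part of this pull request or the project's code), the same check can be scripted so a build fails when the resolved `org.postgresql:postgresql` version is below 42.4.3. The function names are hypothetical, the 42.3.3 sample is constructed, and `sort -V` (GNU coreutils or compatible) is assumed.

```shell
#!/bin/sh
# Added example: gate a build on the resolved PostgreSQL JDBC driver version.
# Typical use (assumption): mvn dependency:tree | check_tree

MIN_PG_VERSION="42.4.3"   # fixed version named in this pull request

# Dependency tree lines as quoted in the pull request.
SAMPLE_TREE='[INFO] +- org.xerial:sqlite-jdbc:jar:3.25.2:runtime
[INFO] +- org.postgresql:postgresql:jar:42.4.3:runtime
[INFO] | \- org.checkerframework:checker-qual:jar:3.5.0:runtime'

# Constructed sample: a tree in which an older driver was resolved.
OLD_TREE='[INFO] +- org.postgresql:postgresql:jar:42.3.3:runtime'

# Print every resolved org.postgresql:postgresql version found on stdin.
pg_versions() {
  sed -n 's/.*org\.postgresql:postgresql:jar:\([^:]*\):.*/\1/p'
}

# Succeed when version $1 >= version $2 (version-aware ordering).
version_ge() {
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Read a dependency tree on stdin.
# Returns 0 if every driver entry is new enough, 1 if one is too old,
# 2 if the driver does not appear in the tree at all.
check_tree() {
  versions=$(pg_versions)
  found=0
  for v in $versions; do
    found=1
    version_ge "$v" "$MIN_PG_VERSION" || {
      echo "FAIL: postgresql $v is older than $MIN_PG_VERSION"
      return 1
    }
  done
  [ "$found" -eq 1 ] || { echo "FAIL: postgresql driver not found in tree"; return 2; }
  echo "OK: postgresql driver is at least $MIN_PG_VERSION"
}

# Demonstration on the tree quoted above.
printf '%s\n' "$SAMPLE_TREE" | check_tree
```

A transitive dependency can pull in a second, older copy of the driver in a multi-module build, which is why the check walks every match instead of stopping at the first.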