confluentinc / kafka-connect-jdbc

Kafka Connect connector for JDBC-compatible databases

[CCDB-5300] Upgrade postgresql to 42.4.3 #1286

Closed sp-gupta closed 1 year ago

sp-gupta commented 1 year ago

Problem

Vulnerable dependency "postgresql" for kafka-connect-jdbc CVE: https://confluentinc.atlassian.net/browse/CCDB-5300

Solution

Upgrade postgresql to 42.4.3 as per here.

Does this solution apply anywhere else?
If yes, where?

Test Strategy

mvn dependency:tree output

[INFO] +- org.xerial:sqlite-jdbc:jar:3.25.2:runtime
[INFO] +- org.postgresql:postgresql:jar:42.4.3:runtime
[INFO] |  \- org.checkerframework:checker-qual:jar:3.5.0:runtime
[INFO] +- com.oracle.database.jdbc:ojdbc8-production:pom:19.7.0.0:runtime
[INFO] |  +- com.oracle.database.jdbc:ojdbc8:jar:19.7.0.0:runtime

Testing done:

Release Plan

CLAassistant commented 1 year ago

CLA assistant check
All committers have signed the CLA.
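
The test strategy in this pull request verifies the upgrade by reading `mvn dependency:tree` output. As an added example (not part of this pull request or the project's code), the same check can be scripted so a build fails when `org.postgresql:postgresql` resolves below 42.4.3. The function names and the `OLD_TREE` sample are constructed for illustration, and `sort -V` assumes GNU coreutils.

```shell
# Added example: gate on the resolved version of one dependency in
# `mvn dependency:tree` output. All function names here are hypothetical.

# Print the resolved version(s) of group:artifact from tree output on stdin.
# Tree lines look like: [INFO] +- org.postgresql:postgresql:jar:42.4.3:runtime
resolved_versions() {
  # Drop "[INFO]" and the tree-drawing characters, then split the coordinate
  # on ":"; with a scope present the version is the second-to-last field.
  sed -E 's/^\[INFO\][^[:alnum:]]*//' |
    awk -F: -v c="$1" '($1 ":" $2) == c { print $(NF-1) }' |
    sort -u
}

# True when version $1 >= version $2 (version-aware sort, GNU `sort -V`).
version_ge() {
  [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ]
}

# Return 0 if every resolved version is >= the floor, 1 if any is below it,
# 2 if the dependency is absent (a renamed or shaded artifact needs a human).
check_min_version() {
  local coord="$1" min="$2" versions v
  versions="$(resolved_versions "$coord")"
  if [ -z "$versions" ]; then
    echo "FAIL: $coord not found in dependency tree" >&2
    return 2
  fi
  for v in $versions; do
    if ! version_ge "$v" "$min"; then
      echo "FAIL: $coord resolves to $v, below $min" >&2
      return 1
    fi
  done
  echo "OK: $coord resolves to $versions (>= $min)"
}

# Lines taken from the dependency:tree output shown in this pull request.
PAGE_TREE='[INFO] +- org.xerial:sqlite-jdbc:jar:3.25.2:runtime
[INFO] +- org.postgresql:postgresql:jar:42.4.3:runtime
[INFO] |  \- org.checkerframework:checker-qual:jar:3.5.0:runtime'
# Constructed sample: a tree that still resolves an older driver.
OLD_TREE='[INFO] +- org.postgresql:postgresql:jar:42.0.0:runtime'

printf '%s\n' "$PAGE_TREE" | check_min_version org.postgresql:postgresql 42.4.3
printf '%s\n' "$OLD_TREE" | check_min_version org.postgresql:postgresql 42.4.3 || true
```

In a real build, pipe `mvn dependency:tree` into `check_min_version` in place of the embedded samples.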