confluentinc / kafka-connect-jdbc

Kafka Connect connector for JDBC-compatible databases

[CCDB-5300] Upgrade postgresql to 42.4.3 #1288

Closed sp-gupta closed 1 year ago

sp-gupta commented 1 year ago

Problem

Vulnerable dependency "postgresql" for kafka-connect-jdbc CVE: https://confluentinc.atlassian.net/browse/CCDB-5300

Solution

Upgrade postgresql to 42.4.3 as per here. Checked that postgresql 42.4.x is available from branch 5.0.x onwards. Will do ping merge after PR merge.

Does this solution apply anywhere else?
If yes, where?

Test Strategy

mvn dependency:tree output:

```
[INFO] +- org.xerial:sqlite-jdbc:jar:3.25.2:runtime
[INFO] +- org.postgresql:postgresql:jar:42.4.3:runtime
[INFO] |  \- org.checkerframework:checker-qual:jar:3.5.0:runtime
[INFO] +- com.oracle.database.jdbc:ojdbc8-production:pom:19.7.0.0:runtime
[INFO] |  +- com.oracle.database.jdbc:ojdbc8:jar:19.7.0.0:runtime
```

Testing done:

Release Plan

[CCDB-5300]: https://confluentinc.atlassian.net/browse/CCDB-5300?atlOrigin=eyJpIjoiNWRkNTljNzYxNjVmNDY3MDlhMDU5Y2ZhYzA5YTRkZjUiLCJwIjoiZ2l0aHViLWNvbS1KU1cifQ
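A small verification script for the Test Strategy above, added here as an example and not part of the PR or the project: it scans `mvn dependency:tree` output for every `org.postgresql:postgresql` entry and fails if any copy (including a transitive one) is below the 42.4.3 floor this PR introduces. The sample tree is constructed from the lines in the description; the floor is taken from the PR title.

```shell
#!/bin/sh
# Added example: confirm that no copy of org.postgresql:postgresql in a
# dependency:tree listing is older than the version the PR upgrades to.
# A stale transitive copy would keep the vulnerable driver on the classpath.

MIN_VERSION="42.4.3"   # floor taken from the PR title

# Constructed sample, modelled on the tree in the PR description.
SAMPLE_TREE='[INFO] +- org.xerial:sqlite-jdbc:jar:3.25.2:runtime
[INFO] +- org.postgresql:postgresql:jar:42.4.3:runtime
[INFO] |  \- org.checkerframework:checker-qual:jar:3.5.0:runtime
[INFO] +- com.oracle.database.jdbc:ojdbc8-production:pom:19.7.0.0:runtime'

# version_ge A B -> exit 0 when dotted version A >= B (numeric per component).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    n = split(a, x, "."); m = split(b, y, ".");
    len = (n > m) ? n : m;
    for (i = 1; i <= len; i++) {
      ai = (i <= n) ? x[i] + 0 : 0; bi = (i <= m) ? y[i] + 0 : 0;
      if (ai > bi) exit 0;
      if (ai < bi) exit 1;
    }
    exit 0 }'
}

# check_postgresql_versions TREE MIN -> exit 0 only if at least one
# org.postgresql:postgresql entry exists and every one is >= MIN.
check_postgresql_versions() {
  tree="$1"; min="$2"; found=0; bad=0
  for v in $(printf '%s\n' "$tree" |
      sed -n 's/.*org\.postgresql:postgresql:jar:\([0-9][0-9.]*\):.*/\1/p'); do
    found=1
    if version_ge "$v" "$min"; then
      echo "OK   org.postgresql:postgresql $v (>= $min)"
    else
      echo "FAIL org.postgresql:postgresql $v (< $min)"; bad=1
    fi
  done
  [ "$found" -eq 1 ] && [ "$bad" -eq 0 ]
}

check_postgresql_versions "$SAMPLE_TREE" "$MIN_VERSION"
```

Pipe real output in with `check_postgresql_versions "$(mvn -q dependency:tree)" 42.4.3` to apply the same check to a live build.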
sp-gupta commented 1 year ago

LGTM. Please test with docker-playground.

Thanks Parag for the suggestion. I have checked with docker playground. The postgres data is getting ingested to the topic via jdbc source connector.

[Screenshot attached: 2023-01-09, 6:11:40 PM]