Closed sp-gupta closed 1 year ago
Vulnerable dependency "postgresql" for kafka-connect-jdbc CVE: https://confluentinc.atlassian.net/browse/CCDB-5300
Upgrade postgresql to 42.4.3 as per here. Checked that postgresql 42.4.x is available from branch 5.0.x onwards. Will do ping merge after PR merge.
mvn dependency:tree output
mvn dependency:tree
[INFO] +- org.xerial:sqlite-jdbc:jar:3.25.2:runtime
[INFO] +- org.postgresql:postgresql:jar:42.4.3:runtime
[INFO] |  \- org.checkerframework:checker-qual:jar:3.5.0:runtime
[INFO] +- com.oracle.database.jdbc:ojdbc8-production:pom:19.7.0.0:runtime
[INFO] |  +- com.oracle.database.jdbc:ojdbc8:jar:19.7.0.0:runtime
LGTM. Please test with docker-playground.
Thanks Parag for the suggestion. I have checked with docker playground. The postgres data is getting ingested to the topic via jdbc source connector.
Problem
Vulnerable dependency "postgresql" for kafka-connect-jdbc CVE: https://confluentinc.atlassian.net/browse/CCDB-5300
Solution
Upgrade postgresql to 42.4.3 as per here. Checked that postgresql 42.4.x is available from branch 5.0.x onwards. Will do ping merge after PR merge.
Does this solution apply anywhere else?
If yes, where?
Test Strategy
mvn dependency:tree output
Testing done:
Release Plan