search

confluentinc / kafka-connect-storage-common

Shared software among connectors that target distributed filesystems and cloud storage.
Other
5 stars 155 forks source link

Add hadoop shaded guava #317

Closed arihant-confluent closed 1 year ago

arihant-confluent commented 1 year ago

Problem

Hadoop Common 3.2.4 has a vulnerability Hadoop Common 3.3.6 uses hadoop shaded guava in 3.3.6 version in sftp connector use case. Hadoop guava also has a vulnerability and can't be used Without hadoop guava it fails with error:

[ERROR] testPoll(io.confluent.connect.sftp.sink.ParquetWriterTest)  Time elapsed: 0.319 s  <<< ERROR!
01:51:59  java.lang.NoClassDefFoundError: org/apache/hadoop/thirdparty/com/google/common/collect/Interners
01:51:59    at io.confluent.connect.sftp.sink.ParquetWriterTest.testPoll(ParquetWriterTest.java:61)
01:51:59  Caused by: java.lang.ClassNotFoundException: org.apache.hadoop.thirdparty.com.google.common.collect.Interners
01:51:59    at io.confluent.connect.sftp.sink.ParquetWriterTest.testPoll(ParquetWriterTest.java:61)

Solution

Added Hadoop-shaded guava with the latest guava version as per the common pom.

Does this solution apply anywhere else?
If yes, where?

Test Strategy

Testing done:

Release Plan

cla-assistant[bot] commented 1 year ago

CLA assistant check
All committers have signed the CLA.

cla-assistant[bot] commented 1 year ago

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.