Closed rvesse closed 2 months ago
Looks like we're not done. I'll add some tweaks to tackle the HIGH vulnerabilities

TYPE   NAME                  VERSION  SEVERITY  VULNERABILITY   EPSS %
maven  snappy-java                    MODERATE  CVE-2023-34454  N/A
maven  snappy-java                    MODERATE  CVE-2023-34453  N/A
maven  snappy-java                    HIGH      CVE-2023-43642  N/A
maven  snappy-java                    HIGH      CVE-2023-34455  N/A
maven  commons-collections4           HIGH      CVE-2015-6420   N/A
maven  commons-collections4           CRITICAL  CVE-2015-7501   N/A
Discussed via PMs, these were from testing with another scanning tool that doesn't seem to be extracting the version information correctly, so it just assumes those dependencies are vulnerable when we are using up-to-date versions that actually aren't.
Under some circumstances, especially when custom batching strategies are used, it is possible for Fuseki to take a very long time, or even never start servicing requests, due to how Kafka Connectors are started. This commit makes the starting of the connectors a protected method so derived modules can override the lifecycle stage where Kafka connectors are started.