
Commit

Fix security issues (#125)
* Upgrade components

* Description

* Upgrade npm deps

* Npm lock

* Changes file

* More upgrades

* Prepare release
Shmuma authored Jan 15, 2025
1 parent 6da3096 commit 632c655
Showing 12 changed files with 478 additions and 406 deletions.
4 changes: 0 additions & 4 deletions .github/workflows/broken_links_checker.yml

39 changes: 0 additions & 39 deletions .github/workflows/ci-build-next-java.yml

This file was deleted.

58 changes: 57 additions & 1 deletion .github/workflows/ci-build.yml

8 changes: 4 additions & 4 deletions .settings/org.eclipse.jdt.core.prefs

142 changes: 72 additions & 70 deletions dependencies.md

1 change: 1 addition & 0 deletions doc/changes/changelog.md

53 changes: 53 additions & 0 deletions doc/changes/changes_1.7.10.md
@@ -0,0 +1,53 @@
# Kafka Connector Extension 1.7.10, released 2025-01-15

Code name: Security fixes in transitive dependencies

## Summary
Fixes several security issues in transitive dependencies: CVE-2024-56128, CVE-2024-12798, CVE-2024-12801 and CVE-2024-52046.
Project keeper was upgraded to the latest version.

## Security

* #121: CVE-2024-56128: org.apache.kafka:kafka_2.13:jar:3.7.1:test
* #122: CVE-2024-12798: ch.qos.logback:logback-core:jar:1.5.12:compile
* #123: CVE-2024-12801: ch.qos.logback:logback-core:jar:1.5.12:compile
* #124: CVE-2024-52046: org.apache.mina:mina-core:jar:2.2.3:test
* #126: Fix CVE-2024-4068 in braces

## Dependency Updates

### Exasol Kafka Connector Extension

#### Compile Dependency Updates

* Updated `ch.qos.logback:logback-classic:1.5.12` to `1.5.16`
* Updated `com.fasterxml.jackson.core:jackson-core:2.18.1` to `2.18.2`
* Updated `com.google.guava:guava:33.3.1-jre` to `33.4.0-jre`
* Updated `org.apache.kafka:kafka-clients:3.7.1` to `3.7.2`

#### Test Dependency Updates

* Updated `com.exasol:exasol-testcontainers:7.1.1` to `7.1.2`
* Updated `com.exasol:maven-project-version-getter:1.2.0` to `1.2.1`
* Updated `com.google.protobuf:protobuf-java:4.28.3` to `4.29.3`
* Updated `io.github.embeddedkafka:embedded-kafka-schema-registry_2.13:7.7.1` to `7.7.2`
* Added `org.apache.mina:mina-core:2.2.4`

#### Plugin Dependency Updates

* Updated `com.exasol:project-keeper-maven-plugin:4.4.0` to `4.5.0`
* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.5.1` to `3.5.2`
* Updated `org.apache.maven.plugins:maven-site-plugin:3.9.1` to `3.21.0`
* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.5.1` to `3.5.2`
* Updated `org.codehaus.mojo:versions-maven-plugin:2.17.1` to `2.18.0`
* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:4.0.0.4121` to `5.0.0.4389`

### Extension

#### Development Dependency Updates

* Updated `eslint:9.14.0` to `9.18.0`
* Updated `@types/node:^22.9.1` to `^22.10.6`
* Updated `typescript-eslint:^8.14.0` to `^8.20.0`
* Updated `typescript:^5.6.3` to `^5.7.3`
* Updated `esbuild:^0.24.0` to `^0.24.2`
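
Review bot: the Summary names only four CVEs (CVE-2024-56128, CVE-2024-12798, CVE-2024-12801 and CVE-2024-52046), while the Security list below it carries a fifth entry, "#126: Fix CVE-2024-4068 in braces". Add CVE-2024-4068 to the Summary sentence so the release notes and the issue list agree. The #126 line also departs from the format of #121 to #124, which give the affected coordinates, version and scope; stating the affected `braces` version and scope there would keep the list consistent. Finally, the "Development Dependency Updates" under "Extension" show no `braces` entry, so a reader cannot tell from this file which change resolves #126. If the fix comes from a refreshed lock file for a transitive dependency, one line saying so in the Security or Extension section would make that traceable.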