Update pom.xml to use hadoop version 3.2.4 #256

Open
wants to merge 3 commits into
base: master

tojaroslaw

Update pom.xml to use hadoop version 3.3.3 to remediate security vulnerabilities

CVE-2021-37404
CVE-2022-26612

This addresses the issue raised here:
confluentinc/kafka-connect-storage-cloud#508

Problem

Solution

Does this solution apply anywhere else?
  • yes
  • no
If yes, where?

Test Strategy

Testing done:
  • Unit tests
  • Integration tests
  • System tests
  • Manual tests

Release Plan

@tojaroslaw tojaroslaw requested a review from a team as a code owner July 21, 2022 19:26
@CLAassistant

CLAassistant commented Jul 21, 2022

CLA assistant check
All committers have signed the CLA.

@tojaroslaw tojaroslaw changed the title Update pom.xml to use hadoop version 3.3.3 Update pom.xml to use hadoop version 3.2.3 Jul 25, 2022
3.2.4 just got released; my company tested with this latest patch and things still work
@tojaroslaw tojaroslaw changed the title Update pom.xml to use hadoop version 3.2.3 Update pom.xml to use hadoop version 3.2.4 Jul 28, 2022
@cameronwaterman

My team is tracking these CVEs. Any chance this PR will be going in soon?

@maxgax

maxgax commented Aug 22, 2022

@kkonstantine, would you be able to review this dependency update? This is required to resolve two critical security vulnerabilities.

@nabinnepal

Is this PR going to get merged soon?

@tojaroslaw
Author

tojaroslaw commented Sep 12, 2022

I'd love to be able to merge this if someone from Confluent could review it
@kkonstantine?
