From 86edf9308cc2b55dd86ca6e62b67ed20ef9cd6e9 Mon Sep 17 00:00:00 2001
From: Toby Mac
Date: Thu, 21 Jul 2022 15:25:18 -0400
Subject: [PATCH 1/3] Update pom.xml to use hadoop version 3.3.3 Update pom.xml to use hadoop version 3.3.3 to remediate security vulnerabilities CVE-2021-37404 CVE-2022-26612 This addresses the issue raised here: https://github.com/confluentinc/kafka-connect-storage-cloud/issues/508
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 82ab60a8b..2396ddbb2 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,7 +74,7 @@
 1.2.17-cp8
 http://packages.confluent.io/maven/
 6.1.6
- 2.10.2
+ 3.3.3
 2.3.9
 4.5.13
 4.4.4
From ccc2b704f756aaa2fb3a21535e70b3a06fb030d0 Mon Sep 17 00:00:00 2001
From: Toby Mac
Date: Mon, 25 Jul 2022 14:49:33 -0400
Subject: [PATCH 2/3] 3.2.3 worked better in testing
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index 2396ddbb2..be2582417 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,7 +74,7 @@
 1.2.17-cp8
 http://packages.confluent.io/maven/
 6.1.6
- 3.3.3
+ 3.2.3
 2.3.9
 4.5.13
 4.4.4
From 5c17f43d7cd339864dd01a470c7627cda115a260 Mon Sep 17 00:00:00 2001
From: Toby Mac
Date: Thu, 28 Jul 2022 14:56:03 -0400
Subject: [PATCH 3/3] Hadoop 3.2.3 -> 3.2.4 3.2.4 just got released, my company tested with this latest patch and things still works
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index be2582417..7f8bcafb5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -74,7 +74,7 @@
 1.2.17-cp8
 http://packages.confluent.io/maven/
 6.1.6
- 3.2.3
+ 3.2.4
 2.3.9
 4.5.13
 4.4.4
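Review bot: The series ends on 3.2.4 (PATCH 3/3), but only the PATCH 1/3 message ties the bump to CVE-2021-37404 and CVE-2022-26612, and it names 3.3.3; nothing in PATCH 2/3 or 3/3 records that the 3.2.x line still carries those fixes. I believe the upstream advisories list 3.2.3 as a fixed release for both, which would make 3.2.4 sufficient, but that should be confirmed and written down. I would add a comment next to the changed value, e.g. `<!-- Hadoop pinned to 3.2.x (>= 3.2.3) for CVE-2021-37404 / CVE-2022-26612; 3.3.3 was tried first, 3.2.x worked better in testing -->`. Since this moves from 2.10.2 to a 3.x line, it is also worth checking the resolved dependency tree before merge for any older Hadoop artifact still pulled in transitively. The unchanged context line `http://packages.confluent.io/maven/` is plain http; if it is used as a repository URL, https would protect artifact downloads.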