[fix][sec] Upgrade Debezium oracle connector version to avoid CVE-202…

…3-4586 (#22641)
apache · May 3, 2024 · 4a59536 · 4a59536
1 parent 7a8c454
commit 4a59536
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/pom.xml b/pom.xml
@@ -198,6 +198,7 @@ flexible messaging model and an intuitive client API.</description>
     <opensearch.version>1.2.4</opensearch.version>
     <elasticsearch-java.version>8.5.2</elasticsearch-java.version>
     <debezium.version>1.9.7.Final</debezium.version>
+    <debezium.oracle.version>2.2.0.Final</debezium.oracle.version>
     <debezium.postgresql.version>42.5.0</debezium.postgresql.version>
     <debezium.mysql.version>8.0.30</debezium.mysql.version>
     <!-- Override version that brings CVE-2022-3143 with debezium -->

diff --git a/pulsar-io/debezium/oracle/pom.xml b/pulsar-io/debezium/oracle/pom.xml
@@ -48,7 +48,8 @@
     <dependency>
       <groupId>io.debezium</groupId>
       <artifactId>debezium-connector-oracle</artifactId>
-      <version>${debezium.version}</version>
+      <version>${debezium.oracle.version}</version>
+      <scope>runtime</scope>
     </dependency>
 
   </dependencies>