🔐 Update dependencies to fix vulnerabilities #57
Closed
wants to merge 1 commit into from
1 change: 1 addition & 0 deletions doc/changes/changelog.md

26 changes: 26 additions & 0 deletions doc/changes/changes_1.1.7.md
@@ -0,0 +1,26 @@
# Kinesis Connector Extension 1.1.7, released 2024-??-??

Code name: Fixed vulnerability CVE-2024-23080 in joda-time:joda-time:jar:2.8.1:compile

## Summary

This release fixes the following vulnerability:

### CVE-2024-23080 (CWE-476) in dependency `joda-time:joda-time:jar:2.8.1:compile`
Joda Time v2.12.5 was discovered to contain a NullPointerException via the component org.joda.time.format.PeriodFormat::wordBased(Locale).
#### References
* https://ossindex.sonatype.org/vulnerability/CVE-2024-23080?component-type=maven&component-name=joda-time%2Fjoda-time&utm_source=ossindex-client&utm_medium=integration&utm_content=1.8.1
* http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-23080
* https://github.com/advisories/GHSA-gxgx-2mvf-9gh5

## Security

* #56: Fixed vulnerability CVE-2024-23080 in dependency `joda-time:joda-time:jar:2.8.1:compile`

## Dependency Updates

### Exasol Kinesis Connector Extension

#### Compile Dependency Updates

* Updated `com.amazonaws:aws-java-sdk-kinesis:1.12.698` to `1.12.700`
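Review bot: the changelog claims more than the diff delivers. The Summary and the Security bullet state that CVE-2024-23080 in `joda-time:joda-time:jar:2.8.1:compile` is fixed, yet the only entry under Dependency Updates is `aws-java-sdk-kinesis` 1.12.698 to 1.12.700 and no joda-time version change appears anywhere in this PR; either list the joda-time version that now resolves on the compile classpath or do not call the vulnerability fixed. The quoted advisory text also refers to "Joda Time v2.12.5" while the heading names 2.8.1, which will confuse anyone auditing the release; state which version was actually present and which one replaces it. `released 2024-??-??` is still a placeholder and must be filled in before tagging.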
10 changes: 5 additions & 5 deletions doc/user_guide/user_guide.md
@@ -45,8 +45,8 @@ the port number `2580` for http.
Upload the jar file using curl:

```bash
curl -X PUT -T exasol-kinesis-connector-extension-1.1.6.jar \
http://w:[email protected]:2580/kinesis/exasol-kinesis-connector-extension-1.1.6.jar
curl -X PUT -T exasol-kinesis-connector-extension-1.1.7.jar \
http://w:[email protected]:2580/kinesis/exasol-kinesis-connector-extension-1.1.7.jar
```

> Please also check out Exasol [BucketFS Client][bucketfs-client] as an
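Review bot: the file-name bump itself is correct, but the example this hunk edits still embeds the BucketFS write credentials in an `http://w:...@...:2580` URL, so the password travels in cleartext and lands in shell history. Since the lines are being rewritten anyway, either switch the example to the BucketFS Client recommended in the paragraph right below, or add a one-line warning next to the curl command that the credential is sent unencrypted on port 2580.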
@@ -111,21 +111,21 @@ Create the following UDF scripts. Please do not change the names of the scripts.
CREATE OR REPLACE JAVA SET SCRIPT KINESIS_METADATA (...)
EMITS (KINESIS_SHARD_ID VARCHAR(130), SHARD_SEQUENCE_NUMBER VARCHAR(2000)) AS
%scriptclass com.exasol.cloudetl.kinesis.KinesisShardsMetadataReader;
%jar /buckets/bfsdefault/kinesis/exasol-kinesis-connector-extension-1.1.6.jar;
%jar /buckets/bfsdefault/kinesis/exasol-kinesis-connector-extension-1.1.7.jar;
/
;

--/
CREATE OR REPLACE JAVA SET SCRIPT KINESIS_IMPORT (...) EMITS (...) AS
%scriptclass com.exasol.cloudetl.kinesis.KinesisShardDataImporter;
%jar /buckets/bfsdefault/kinesis/exasol-kinesis-connector-extension-1.1.6.jar;
%jar /buckets/bfsdefault/kinesis/exasol-kinesis-connector-extension-1.1.7.jar;
/
;

--/
CREATE OR REPLACE JAVA SET SCRIPT KINESIS_CONSUMER (...) EMITS (...) AS
%scriptclass com.exasol.cloudetl.kinesis.KinesisImportQueryGenerator;
%jar /buckets/bfsdefault/kinesis/exasol-kinesis-connector-extension-1.1.6.jar;
%jar /buckets/bfsdefault/kinesis/exasol-kinesis-connector-extension-1.1.7.jar;
/
;
```
2 changes: 1 addition & 1 deletion pk_generated_parent.pom


6 changes: 3 additions & 3 deletions pom.xml
@@ -3,7 +3,7 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.exasol</groupId>
<artifactId>kinesis-connector-extension</artifactId>
<version>1.1.6</version>
<version>1.1.7</version>
<name>Exasol Kinesis Connector Extension</name>
<description>Exasol Kafka Extension for accessing Apache Kafka</description>
<url>https://github.com/exasol/kinesis-connector-extension/</url>
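Review bot: the `<description>` two lines below the bumped `<version>` still reads `Exasol Kafka Extension for accessing Apache Kafka`, which is wrong for `kinesis-connector-extension` and looks like a leftover from the Kafka connector's pom. Since this hunk touches the header block anyway, correct it in the same commit, e.g. `<description>Exasol Kinesis Connector Extension for accessing Amazon Kinesis</description>`.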
@@ -30,7 +30,7 @@
<dependency>
<groupId>com.amazonaws</groupId>
<artifactId>aws-java-sdk-kinesis</artifactId>
<version>1.12.698</version>
<version>1.12.700</version>
</dependency>
<dependency>
<groupId>com.exasol</groupId>
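Review bot: this is the only dependency change in the whole PR, and a patch-level bump of `aws-java-sdk-kinesis` from 1.12.698 to 1.12.700 does not by itself address the joda-time finding the changelog cites. If joda-time reaches the compile classpath transitively through this artifact, verify with `mvn dependency:tree -Dincludes=joda-time:joda-time` that 1.12.700 actually resolves a version the scanner no longer flags; if it does not, pin the fixed joda-time version explicitly under `<dependencyManagement>` (or exclude the transitive one and declare it directly) instead of relying on the SDK bump.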
@@ -434,7 +434,7 @@
<parent>
<artifactId>kinesis-connector-extension-generated-parent</artifactId>
<groupId>com.exasol</groupId>
<version>1.1.6</version>
<version>1.1.7</version>
<relativePath>pk_generated_parent.pom</relativePath>
</parent>
</project>
@@ -1,7 +1,7 @@
package com.exasol.cloudetl.kinesis;

public class IntegrationTestConstants {
public static String JAR_FILE_NAME = "exasol-kinesis-connector-extension-1.1.6.jar";
public static String JAR_FILE_NAME = "exasol-kinesis-connector-extension-1.1.7.jar";
public static String TEST_SCHEMA_NAME = "kinesis_schema";
public static String DEFAULT_EXASOL_DOCKER_IMAGE = "8.24.0";
public static String LOCALSTACK_DOCKER_IMAGE = "localstack/localstack:3.2";
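Review bot: the constants in this class are `public static` but not `final`, so any test can reassign `JAR_FILE_NAME` or `DEFAULT_EXASOL_DOCKER_IMAGE` at runtime and silently change what other tests deploy; declare them `public static final String`. Separately, this is yet another place where the jar version string is hand-edited alongside `pom.xml` and the user guide, which is how version drift between the built artifact and the tests creeps in; deriving the file name from the Maven project version at build time (for example through a filtered resource) would remove the manual step from the next bump.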