changes_2.0.8.md

Spark Connector Common Java 2.0.8, released 2024-09-23

Code name: Fixed vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:provided

Summary

This release fixes vulnerability CVE-2024-7254 in com.google.protobuf:protobuf-java:jar:3.19.6:provided which could lead to unbounded recursion.

Security

• #41: CVE-2024-7254: com.google.protobuf:protobuf-java:jar:3.19.6:provided

Dependency Updates

Compile Dependency Updates

• Removed io.netty:netty-all:4.1.111.Final
• Removed joda-time:joda-time:2.12.7
• Removed org.apache.avro:avro:1.11.3
• Removed org.apache.commons:commons-compress:1.26.2
• Removed org.apache.ivy:ivy:2.5.2
• Removed org.apache.zookeeper:zookeeper:3.9.2
• Removed org.codehaus.janino:janino:3.1.12
• Removed org.xerial.snappy:snappy-java:1.1.10.5