-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Update deps to fix CVEs * Aim to release today * Update doc/changes/changes_2.0.3.md Co-authored-by: Christoph Pirkl <[email protected]> * Add note about excluded CVE --------- Co-authored-by: Christoph Pirkl <[email protected]>
- Loading branch information
1 parent
d8d2a5e
commit 6b9cf68
Showing
8 changed files
with
175 additions
and
104 deletions.
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,38 @@ | ||
# Spark Connector Common Java 2.0.3, released 2023-11-23 | ||
|
||
Code name: Update transitive dependencies to fix CVEs | ||
|
||
## Summary | ||
Updated transitive dependencies to fix: | ||
* zookeeper: CVE-2023-44981, severity CWE-639: Authorization Bypass Through User-Controlled Key (9.1) | ||
* exasol-testcontainers: CVE-2023-4043, severity CWE-20: Improper Input Validation (7.5) | ||
* arvo: CVE-2023-39410, severity CWE-502: Deserialization of Untrusted Data (7.5) | ||
|
||
CVE-2023-4586 is silenced, as there is no fix at the moment. | ||
|
||
## Features | ||
|
||
* #27: Fixed vulnerabilities in zookeeper, parsson, avro | ||
|
||
## Dependency Updates | ||
|
||
### Compile Dependency Updates | ||
|
||
* Added `org.apache.avro:avro:1.11.3` | ||
* Added `org.apache.zookeeper:zookeeper:3.7.2` | ||
|
||
### Test Dependency Updates | ||
|
||
* Updated `com.exasol:exasol-testcontainers:6.6.2` to `7.0.0` | ||
|
||
### Plugin Dependency Updates | ||
|
||
* Updated `com.exasol:error-code-crawler-maven-plugin:1.3.0` to `1.3.1` | ||
* Updated `com.exasol:project-keeper-maven-plugin:2.9.12` to `2.9.16` | ||
* Updated `org.apache.maven.plugins:maven-enforcer-plugin:3.4.0` to `3.4.1` | ||
* Updated `org.apache.maven.plugins:maven-failsafe-plugin:3.1.2` to `3.2.2` | ||
* Updated `org.apache.maven.plugins:maven-javadoc-plugin:3.5.0` to `3.6.2` | ||
* Updated `org.apache.maven.plugins:maven-surefire-plugin:3.1.2` to `3.2.2` | ||
* Updated `org.codehaus.mojo:versions-maven-plugin:2.16.0` to `2.16.1` | ||
* Updated `org.jacoco:jacoco-maven-plugin:0.8.10` to `0.8.11` | ||
* Updated `org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184` to `3.10.0.2594` |
Oops, something went wrong.