Changelog for Google Cloud Dataproc Sink Connector for Confluent Platform

Version 1.2.8

  • Multiple CVE Fixes
  • ADD gcp.credentials.santize sanatizer
  • RCCA-16272: Add GCP creds type validator

Version 1.2.7

  • CVE fixes: CVE-2023-32731, CVE-2023-1428, CVE-2022-46751, CVE-2023-2976, CVE-2023-34455, CVE-2023-43642

Version 1.2.6

  • CC-20696 - Fixed CVEs for libthrift, profobuf-java-util

Version 1.2.5

  • CVE fix: CC-20330, CC-20331, CC-20973, CC-21164

Version 1.2.4

  • CC-20638 Pinned SnakeYAML version 2.0 to fix CVE

Version 1.2.3

  • Fixed CVEs for json-smart, protobuf-java, Jettison

Version 1.2.2

  • CCMSG-2216: Bumped jackson-databind to
  • CCMSG-2246: Bumped jettison to 1.5.3
  • CCMSG-2268: Bumped woodstox-core to 6.5.0
  • CCMSG-2341: Bumped ivy to 2.5.1

Version 1.2.1

  • MINOR: Bumped log4j-core version to version > 2.16.0
  • CCMSG-2030, CCMSG-2119, CCMSG-2175: CVE fix for Velocity, Avatica and Calcite dependency
  • CCMSG-2110, CCMSG-2108: Removed logging of sink record

Version 1.2.0

  • CCMSG-1879: Removed region validator and recommender
  • CCMSG-1685: CVE fix for guava dependency
  • DP-8085: Migrated to Semaphore self-hosted agent
  • CCMSG-2016: Addressed CVEs by updating Hadoop dependency
  • CCMSG-1931: Updated connect-plugin-parent to pull Gson
  • CCMSG-1768: Updated storage common version
  • CCMSG-1634: Upgraded storage commmons to latest to resolve jackson-databind 2.13.2 CVE
  • CCMSG-1719: Updated to latest commons to fix jackson-databind CVE-2020-36518
  • CCMSG-1663: Updated to latest commons to fix protobuf and log4j CVE
  • CCDB-4482: Updated log4j to 2.16.0
  • CCLOG-1305: Bumped up the dependency for log4j to 2.15.0
  • Changed FFI and io-like constraints to use versions which have the acceptable licensing
  • CCMSG-1345, CCMSG-1410, CCMSG-1411: Upgraded google-cloud-dataproc, google-api-common and guava dep and exclude velocity-engine-core dep to resolve CVEs
  • CCMSG-1265: Upgraded parent to 0.6.6 and resolve CVE in commons compress dependency
  • CCMSG-1054: Upgraded json-smart to 2.4.7 through parent and resolve CVE
  • Updated the support term for Dataproc Sink
  • CCMSG-882: Made network access to Dataproc cluster more strict
  • MINOR: Updated README to mention manual cleanup for created instances
  • Fixed integration tests by excluding conflicting dependencies
  • CCMSG-780: Updated kafka-connect-storage-common-parent to 10.0.4 to resolve CVE