Changelog for VMware Tanzu GemFire Sink Connector for Confluent Platform

Version 1.0.18

  • Upgraded org.springframework:spring-core to 6.1.14 to fix CVE-2024-38827
  • Upgraded org.springframework:spring-beans to 6.1.14 to fix CVE-2024-38827

Version 1.0.17

  • Spring-web, Protobuf-java, Commons-io CVEs fix

Version 1.0.16

  • Fix CVE-2023-44794, CVE-2024-22259, CVE-2023-35116, CVE-2023-44794

Version 1.0.15

  • Upgraded org.springframework:spring-web from 6.1.3 to 6.1.4 to fix CVE-2024-22243 CVE-2024-22259 CVE-2024-22262

Version 1.0.14

  • Upgraded org.bitbucket.b_c:jose4j version to 0.9.6 to fix CVE-2023-31582
  • Upgraded org.springframework:spring-web to 6.1.3 to fix CVE-2023-34053
  • Upgraded org.apache.shiro:shiro-core to 1.13.0 fix CVE CVE-2023-34478

Version 1.0.13

  • Migration: Jenkins -> Semaphore

Version 1.0.12

  • updated connect-plugins-parent to 0.8.32 to fix CVE-2023-2976

Version 1.0.11

  • CC-19267 Fix for CVEs: CVE-2016-1000027 CVE-2020-13956 CVE-2021-29425 CVE-2021-34797 CVE-2021-45105 CVE-2022-34870 CVE-2022-37021 CVE-2022-37022 CVE-2022-37023 CVE-2023-22602

Version 1.0.10

  • Bumped org.apache.shiro_shiro-core:1.10.0 to fix CVE
  • Bumped com.fasterxml.jackson.core_jackson-databind:2.13.4.2 to fix CVE

Version 1.0.9

  • CCDB-4882: Bumped com.google.code.gson_gson:2.9.0 to fix CVE
  • CCDB-4686, CCDB-4687: Bumped spring.web:5.3.20 to fix CVE

Version 1.0.8

  • Bumped Log4j to 2.16.0

Version 1.0.7

  • Bumped log4j to 2.15.0
  • Updated Jenkinsfile Nodelabel

Version 1.0.6

  • CCDB-3694: Bump org.apache.shiro shiro-core version to fix CVE.

Version 1.0.5

No changes

Version 1.0.4

  • MINOR: Upgrade connect-plugins-parent to upgrade jackson-databind.

Version 1.0.3

No changes

Version 1.0.2

  • CC-12043: Fix CVEs in Pivotal GemFire Sink
  • CC-9115: Upgrade parent pom.xml file

Version 1.0.1

  • Update gemfire-sink-connector.properties

Version 1.0.0

Initial version