Changelog for HDFS 2 Sink Connector for Confluent Platform

Version 10.2.17

PR-740 - CC-34816: Bumped jersey-core version to 1.13 to resolve CVE-2014-3643.

PR-739 - CC-34196: Bumped commons-beanutils:commons-beanutils version to 1.11.0 to resolve CVE-2025-48734.

PR-736 - CC-30700: Bumped com.jayway.jsonpath version to 2.9.0 to resolve CVE-2023-51074
PR-736 - CC-33758: Bumped kafka-connect-storage-common version to 11.2.24 to resolve CVE-2024-13009
PR-736 - CC-33759: Bumped kafka-connect-storage-common version to 11.2.24 to resolve CVE-2025-46762

PR-733 - CC-32379: Use RE2/J to address potential ReDOS vulnerability in java.util.regex

PR-727 - CC-33022, CC-33021: Bumped kafka-connect-storage-common version to 11.2.22 to resolve CVE-2025-30065

PR-705 - CC-29504: Bumped kafka-connect-storage-common version to 11.2.20 to resolve CVE-2024-47561
PR-705 - CC-29566: Bumped kafka-connect-storage-common version to 11.2.20 to resolve CVE-2024-8184
PR-705 - CC-29601: Bumped velocity-engine-core dependency version to 2.4 to resolve CVE-2024-47554

PR-704 - CC-29302: Bumped protobuf-java dependency version to 3.25.5 to resolve CVE-2024-7254
PR-704 - CC-29425: Bumped commons-io dependency version to 2.14.0 to resolve CVE-2024-47554

PR-703 - CC-28069: Bumped tomcat-embed-core dependency version to 8.5.100 to resolve CVE-2021-30640, CVE-2021-33037, CVE-2021-42340, CVE-2022-23181, CVE-2022-25762, CVE-2022-29885, CVE-2022-34305, CVE-2022-42252, CVE-2023-28708, CVE-2023-41080, CVE-2023-42795, CVE-2023-44487, CVE-2023-45648, CVE-2023-46589, CVE-2024-24549

PR-702 - CC-27237: Bumped libthrift dependency version to 0.14.0 to resolve CVE-2020-13949
PR-702 - CC-27444: Bumped aircompressor dependency version to 0.27.0 to resolve CVE-2024-36114

PR-700 - CC-27233: Bumped jetty-io dependency version to 9.4.53.v20231009 to resolve CVE-2023-44487, CVE-2023-36478, CVE-2023-41900, CVE-2023-40167 and CVE-2023-36479
PR-693 - CC-26341: Bumped jackson-databind dependency version to 2.16.1 to resolve CVE-2023-35116
PR-693 - CC-26342: Bumped nimbus-jose-jwt dependency version to 9.37.2 to resolve CVE-2023-52428
PR-693 - CC-26343: Excluded commons-httpclient dependency to resolve CVE-2020-13956
PR-693 - CC-26345: Bumped okio dependency version to 3.4.0 to resolve CVE-2023-3635
PR-693 - CC-26346: Bumped netty-codec-http dependency version to 4.1.108.Final to resolve CVE-2024-29025
PR-693 - CC-27071: Bumped avatica-core dependency version to 1.22.0 to resolve CVE-2022-36364

PR-688 - CC-26117: Fixed CVE-2023-39410, CVE-2023-4586, CVE-2023-44487, CVE-2023-44981, CVE-2024-26308

PR-652 - Fixed CVE-2020-13956, CVE-2022-2343, CVE-2014-125087, CVE-2021-41973, CVE-2019-0231, CVE-2022-37865, CVE-2022-37866, CVE-2023-1370, CVE-2021-37533, CVE-2023-1436, CVE-2023-1370, CVE-2022-37865, CVE-2014-125087. Updated Ivy, commons-net, json-smart, mina-core and xmlbuilder.

PR-656 - Fixed CVE-2022-40149, CVE-2022-40150, CVE-2022-40153, CVE-2022-42003, CVE-2022-42004.