Changelog for HDFS 3 Sink Connector for Confluent Platform

Version 1.1.32

  • CVE Fixes: CVE-2024-29857, CVE-2024-30171, CVE-2024-30172

Version 1.1.31

  • CVE Fixes: CVE-2016-5397, CVE-2018-1320, CVE-2019-0205, CVE-2019-0210, CVE-2020-13949, CVE-2023-35116, CVE-2024-29131, CVE-2023-51775, CVE-2024-23944, CVE-2024-29025, CVE-2023-52428

Version 1.1.30

  • CVE Fixes: CVE-2023-34462, CVE-2023-33201, CVE-2023-4586, CVE-2024-26308, CVE-2023-2976
  • CVE Fix: CVE-2023-44981
  • CVE Fix: CVE-2023-4586
  • Update CODEOWNERS

Version 1.1.29

  • ESC-581: Update hadopp, jackson, jetty, snakeyml dependencies.

Version 1.1.28

  • RCCA-16236 : Remediate the risk of data loss while writing AVRO files to HDFS.
  • Bump apache ivy for CVE-2022-46751.

Version 1.1.27

  • Update avatica version

Version 1.1.26

  • Resolved the following CVEs: CVE-2023-2976, CVE-2023-26048, CVE-2023-26049, and sonatype-2022-643.

Version 1.1.25

  • Updated dependencies to address CVEs

Version 1.1.24

  • Updated woodstox-core and jackson-databind dependency

Version 1.1.23

  • Updated Apache Ivy version to remove vulnerability

Version 1.1.22

  • CCMSG-2151: CVE fix for jetty
  • CCMSG-2149: CVE fix for netty
  • CCMSG-2148: CVE fix for bouncycastle
  • CCMSG-2158: CVE fix for hadoop

Version 1.1.21

  • CCMSG-2170: Updated Derby version
  • Removed logging of SinkRecord

Version 1.1.20

  • Implemented closing file systems in WAL File Reader when an exception is caught

Version 1.1.19

  • CCMSG-1955: CVE fix - Removed dependency on slf4j-log4j12

Version 1.1.18

No changes

Version 1.1.17

  • CCMSG-2038: Address CVEs in hadoop.

Version 1.1.16

No changes

Version 1.1.15

  • CCMSG-1957: Replace confluent-log4j with reload4j for CVE fix
  • CCMSG-1654: Replace hadoop-shaded-protobuf with storage-common to fix Protobuf-Java CVE-2021-22569-1

Version 1.1.14

  • CCMSG-1687 CVE fix for guava test scoped dependency.

Version 1.1.13

  • CCMSG-1906 Address CVEs for ant, jsp, groovy, derby, netty and orc.

Version 1.1.12

  • CCMSG-1797 update to latest storage commons to fix Avro CVE
  • CCMSG-1798 added exclusion for ant to fix CVE

Version 1.1.11

  • Minor: Set fs.automatic.close to false in Hadoop configuration to cleanup temp files

Version 1.1.10

  • Minor:Upgrade connect-commons-plugins from 0.8.12 to 0.8.13 to use backward compatible licensing jar
  • Minor:Upgrade connect-commons-plugins from 0.8.11 to 0.8.12 to remove nano version
  • CCMSG-1749 upgraded storage commmons to latest to resolve jackson databind 2.13.2 CVE
  • CVE: Upgrade connect-commons-plugins from 0.8.10 to 0.8.11
  • CCMSG-1730 updated to latest commons to fix jackson databind CVE-2020-36518
  • CCMSG-1653 resolved protobuf CVE by upgrading to latest commons

Version 1.1.9

  • CCMSG-1614 Update log4j to latest (2.17.1)
  • Bump log4j version to v2.17.0

Version 1.1.8

  • Bump log4j version to 2.16.0

Version 1.1.7

  • Bump up the dependency for log4j to 2.15.0

Version 1.1.6

  • CCMSG-1369: Correctly calculate and track kafka consumer group offset
  • Bump storage-common version to 10.0.8 and exclude netty-codec
  • CCMSG-1419 [CVE] Upgrade netty version to 4.1.68.final

Version 1.1.5

  • Fix duplicates in hive for parquet and Avro

Version 1.1.4

  • CCMSG-1234: Pin version of nimbus-jose-jwt to upgrade shaded json-smart to 2.4.7

Version 1.1.3

  • CCMSG-1329: Prevent leak of fs in io.confluent.connect.hdfs.wal.WALFile
  • Upgrade commons compress to 1.21 to resolve CVE

Version 1.1.2

  • CCMSG-1179: Bump storage-common, netty, jersey and add exclusions to resolve CVES
  • CCMSG-1066: Update json-smart to 2.4.7 through parent to resolve CVE
  • CC-15014: Bump jetty, hadoop version to resolve CVEs

Version 1.1.1

  • CCSMSG-852: Swallow exception when applying corrupt WAL

Version 1.1.0

  • Update kafka-connect-storage-common-htrace-core4-shaded to 10.0.3 to resolve CVE
  • CCMSG-435: Upgrade parent pom to 0.6.2, storage-common to 10.0.3 and jackson-databind to 2.10.5.1 to resolve CVE
  • CCMSG-609: Upgrade bouncy castle to 1.67 to resolve CVE
  • Update Avatica transitive dependency to 1.17.0 and fix CVEs
  • SEC-1034: log4j migration to Confluent repackaged version
  • CC-8758: Upgrade Netty to 4.1.48.Final and add exclusions to resolve CVE
  • Pin BeanUtils to 1.9.4 to resolve CVE
  • CC-8713: Exclude Jetty transient dependencies and resolve CVE
  • CC-9756: Validate timezone configuration with rotate.schedule.interval.ms
  • CC-8809: Replace assignment with topicPartitionWriters.keySet
  • CC-8119: Fix HDFS 3 version file and add test
  • CC-8103: HDFS 3 format options are not showing all available options
  • Fix NullPointerException that occurs for the config store.url property
  • CC-6423: Disable FileSystem Object Caching
  • CC-5969: Pass extra connector configs to the partitioner